Conference Papers

A Program Vulnerabilities Detection Frame by Static Code Analysis and Model Checking

In this article we address program errors through static code analysis. First, we use inter-procedural analysis and a blunt insensitive vulnerability testing model extracted from the source code. Second, we use model checking to solve the model. In addition, we use alias analysis for the correctness and accuracy of the testing model. The concepts proposed in this paper are aimed at the general class of buffer vulnerabilities and can be applied to the detection of vulnerability types such as buffer overruns, format string attacks, and code injection. To evaluate the effectiveness of CodeAuditor, we use the tool to detect vulnerabilities in a few C programs. We take six open source applications as a test. Experimental results show that our tool found 18 previously unknown vulnerabilities in the six open source applications. The observed false positive rate is about 23%.

Program Vulnerabilities Detection; Static Code Analysis; Model Checking

LIU Xin CAI Wandong

School of Computer Science Northwestern Polytechnical University

International conference

2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN 2011)

Xi'an

English

130-134

2011-05-27 (date first made available online on the Wanfang platform; it does not represent the paper's publication date)