高级检索
    王 雷 陈 归 金茂忠. 基于约束分析与模型检测的代码安全漏洞检测方法研究[J]. 计算机研究与发展, 2011, 48(9): 1659-1666.
    引用本文: 王 雷 陈 归 金茂忠. 基于约束分析与模型检测的代码安全漏洞检测方法研究[J]. 计算机研究与发展, 2011, 48(9): 1659-1666.
    Wang Lei, Chen Gui, and Jin Maozhong. Detection of Code Vulnerabilities via Constraint-Based Analysis and Model Checking[J]. Journal of Computer Research and Development, 2011, 48(9): 1659-1666.
    Citation: Wang Lei, Chen Gui, and Jin Maozhong. Detection of Code Vulnerabilities via Constraint-Based Analysis and Model Checking[J]. Journal of Computer Research and Development, 2011, 48(9): 1659-1666.

    基于约束分析与模型检测的代码安全漏洞检测方法研究

    Detection of Code Vulnerabilities via Constraint-Based Analysis and Model Checking

    • 摘要: 与传统的程序分析相比,模型检测具有较高的检测精度,但无法将其直接应用于缓冲区溢出、代码注入等安全漏洞的检测.为解决此问题,提出了基于约束分析与模型检测相结合的安全漏洞自动检测方法.首先,通过约束分析跟踪代码中缓冲区的信息,在涉及缓冲区操作的危险点生成相应的属性传递和属性约束语句,并将安全漏洞检测问题转化为模型检测方法可接受的可达性检测问题.然后,采用模型检测方法对安全漏洞的可达性进行判断.同时采用程序切片技术,以减少状态空间.对6个开源软件的检测结果表明,基于该方法实现的CodeAuditor原型系统发现了18个新漏洞,误报率为23%.对minicom的切片实验显示,检测性能有较大提高.

       

      Abstract: Compared with traditional program analysis, model checking is preponderant in improving the precision of vulnerabilities detection. However, it is hard to directly apply model checking to detect buffer overflow, code injection and other security vulnerabilities. To address this problem, an approach that combines the constraint-based analysis and the model checking together to detect vulnerabilities automatically is proposed in this paper. At first we trace the information of the buffer-related variables in source code by the constraint-based analysis, and instrument the code with corresponding attribute transfer and constraint assertions of the buffers before the potential vulnerable points that are related to the buffers. And then the problem of detecting vulnerabilities is converted into the problem of verifying the reachability of these constraint assertions. Model checking is used to verify the reachability of the security vulnerabilities. In addition, we introduce program slicing to reduce the code size in order to reduce the state space of model checking. CodeAuditor is the prototype implementation of our methods. With this tool, 18 previously unknown vulnerabilities in six open source applications are discovered and the observed false positive rate is at around 23%. The result of minicom’s slicing shows that the performance of detection is improved.

       

    /

    返回文章
    返回