中国科技核心期刊

中文核心期刊

CSCD来源期刊

空间控制技术与应用

• 论文与报告 • 上一篇    

一种软件脆弱性自动分析定位的方法

王同磊,陈朝晖   


  1. 北京控制工程研究所,北京 100190.  
  • 出版日期:2018-04-25 发布日期:2018-05-16
  • 作者简介:作者简介:王同磊(1987—),男,硕士研究生,研究方向为软件脆弱性分析;陈朝晖(1969—),男,研究员,研究方向为航天嵌入式软件技术.

A Method of Analyzing and Localizing Software Vulnerability Automatically

 WANG  Tong-Lei, CHEN  Chao-Hui-   

  1. Beijing Institute of Control Engineering, Beijing 100190, China.
  • Online:2018-04-25 Published:2018-05-16

摘要: 摘要: 为了更好地满足航空航天领域中使用的多种嵌入式软件的高可靠性要求,设计一种软件脆弱性自动分析定位的方法.该方法基于程序切片技术,改进现有的前向计算动态切片算法,利用动态程序切片收集程序运行时的动态信息,构造程序切片谱,设定相关统计量统计程序语句的脆弱性可疑度,生成脆弱性定位报告.在发现软件中存在的脆弱性后,该方法对导致此脆弱性的程序代码根源实现了自动分析定位.基于此方法设计开发了软件脆弱性自动定位工具并进行了实例验证分析,实验证明了该方法的有效性.  

关键词: 关键词: 软件脆弱性, 程序切片, 程序谱, 脆弱性定位

Abstract: Abstract:In order to meet the requirements of high reliability that is required by many embedded software in aerospace field, a method is designed to analyze and localize the software vulnerability automatically. Based on program slicing technique and improved forward computation algorithm of dynamic slicing, firstly this method collects the program dynamic information at runtime via using dynamic slicing; and then it constructs the program slice spectrum and calculates the likelihood of each slicing statement being vulnerable by some statistics; and last it reports the localization result of software vulnerability. After discovering the vulnerability in the software, this method can analyze and localize the root that causes this vulnerability. We develop a tool to test this method and the experiment proves its effectiveness.  

Key words: Keywords:software vulnerability, program slice, program spectrum, vulnerability localization

中图分类号: 

  •