北京航空航天大学学报 ›› 2008, Vol. 34 ›› Issue (03): 319-322.

• 论文 • 上一篇    下一篇

C程序缓冲区溢出漏洞精确检测方法

李吉,王雷   

  1. 北京航空航天大学 计算机学院, 北京 100083
  • 收稿日期:2007-06-29 出版日期:2008-03-31 发布日期:2010-09-17
  • 作者简介:李 吉(1979-),男,四川绵竹人,硕士生,desanlee@hotmail.com.

Method for precisely detecting buffer overflow vulnerabilities in C programs

Li Ji, Wang Lei   

  1. School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China
  • Received:2007-06-29 Online:2008-03-31 Published:2010-09-17

摘要: C程序中的缓冲区溢出漏洞是影响系统安全性的严重问题,利用工具有效地检测并消除出这一漏洞,可以大大提高系统的安全性.针对现有工具在检测缓冲区溢出漏洞上的不足,提出了一种利用模型检测技术对C语言代码中潜在的缓冲区溢出漏洞进行精确检测的新方法.该方法首先将对缓冲区漏洞的检测转化为对程序某个位置可达性的判定,再使用模型检测工具对可达性进行验证.使用这一方法建立了一个精确检测C程序中缓冲区溢出漏洞的原型系统,并使用该原型系统进行了试验.结果表明该方法可以较为精确地检测并定位出代码中的漏洞.

Abstract: Buffer overflow (BO) vulnerability in C programs is one of the most crucial threats to the security of a system. Using tools to detect and eliminate this kind of vulnerability in programs will give the system sufficient ability to maintain security environment. For the scarcity of accuracy in detecting BO vulnerabilities, current bug-hunting tools can not precisely detect BO vulnerabilities. A new method was proposed, which uses model checking, to precisely detect potential BO in C programs. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs and uses model checking tool to do the verification job. Using this method, a prototype system has been developed and been tested with some benchmarks. The early results show that this method can precisely detect BO vulnerabilities in C programs.

中图分类号: 


版权所有 © 《北京航空航天大学学报》编辑部
通讯地址:北京市海淀区学院路37号 北京航空航天大学学报编辑部 邮编:100191 E-mail:jbuaa@buaa.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发