A Method for Software Vulnerability Detection Based on Improved Control Flow Graph

Source: 12th Chinese Conference on Trusted Computing and Information Security | Citations: 0 | Uploaded by: liqihua2009
With the rapid development of software technology, software vulnerability has become a major threat to computer security. The timely detection and repair of potential vulnerabilities in software is of great significance in reducing system crashes and maintaining system security and integrity. This paper focuses on detecting three common types of vulnerabilities: Unused_Variable, Use_of_Uninitialized_Variable, and Use_After_Free. We propose a method for software vulnerability detection based on an improved control flow graph and several predicates of vulnerability properties for each type of vulnerability. We also define a set of grammar rules for analyzing and deriving the three mentioned types of vulnerabilities, and design three vulnerability detection algorithms to guide the process of vulnerability detection. In addition, we conduct case studies of the three mentioned types of vulnerabilities with real vulnerability program segments from Common Weakness Enumeration (CWE). The results of the studies show that the proposed method can detect the vulnerabilities existing in the tested program segments. Finally, we conduct manual analysis and experiments on detecting the three types of vulnerability program segments (30 examples for each type) from CWE, to compare the vulnerability detection effectiveness of the proposed method with that of the existing detection tool CppCheck. The results show that the proposed method performs better. In summary, the method proposed in this paper has certain feasibility and effectiveness in detecting the three mentioned types of vulnerabilities, and it will additionally have certain guiding significance for the detection of other common vulnerabilities.