Source code facing buffer overflow detection method based on inequalities solving

A buffer overflow detection technique, applied to detecting buffer overflows in source code, that solves the problem that the effect on the length attributes of buffer variables or parameters cannot be accurately determined.

Inactive Publication Date: 2008-08-13
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0047] In view of this, the purpose of the present invention is to address the deficiencies of existing buffer overflow detection technology by providing a source-code-oriented method for detecting buffer overflows based on solving systems of inequalities. The method builds on static code analysis and the theory of automated inequality proving, making full use of traditional techniques while extending them. It overcomes the shortcomings of earlier static code analysis techniques and better solves the problem that, when existing methods handle program control relationships, the effect on the length attributes of buffer variables or parameters cannot be accurately determined, thereby effectively reducing the false positive rate of buffer overflow vulnerability detection.


Examples


Embodiment Construction

[0060] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0061] Referring to Fig. 2, the source-code-oriented buffer overflow detection method of the present invention, based on solving systems of inequalities, is described in detail. The method comprises the following steps:

[0062] (1) Initialize the constraints describing the dangerous function;

[0063] The specific operations of this step are: define the length attributes of buffer-related parameters, specify how parameters or variables in the buffer are expressed, and, for multiple C/C++ library functions, establish the inequality constraints under which a buffer overflow occurs. Because the operations of this step are basically the same as step 1 and step 2 of the traditional method, it will not be repeated he...


Abstract

The present invention provides a source-code-oriented buffer overflow detection method based on solving systems of inequalities, comprising the following steps: (1) initializing the constraints that describe the dangerous functions; (2) performing lexical and syntactic analysis on the input program source code to generate a program dependency graph; (3) finding the relevant dangerous function call statements in the program dependency graph according to the buffer overflow inequality constraints in the dangerous function library; (4) for each dangerous function found, finding the statements in the program dependency graph that have a data dependence or control relationship with it, forming a dependent statement sequence, in other words a system of inequalities; (5) verifying whether the inequality constraint for the buffer overflow holds. The method largely resolves the problem in existing static code analysis technology that the effect on the length attributes of buffer variables or parameters is grasped inaccurately when handling program control relationships, and effectively reduces the false alarm rate of buffer overflow vulnerability detection.
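Steps (4) and (5) above, as an added example that is not code from the patent: it assumes the dependent statement sequence has already been extracted and encoded as difference constraints `x - y <= c`, and it checks feasibility with Bellman-Ford negative-cycle detection, a technique chosen here rather than one the patent names. The variable names, the `strcpy` inequality and the sample constraint sets are constructed assumptions.

```python
# Added illustration; names and encoding are assumptions, not from the patent.
ZERO = "0"  # reference variable fixed at 0, so "x <= c" is written "x - 0 <= c"

def feasible(constraints):
    """constraints: list of (x, y, c), each meaning x - y <= c over integers.
    Returns True if some assignment satisfies all of them."""
    nodes = {ZERO}
    for x, y, _ in constraints:
        nodes.update((x, y))
    dist = dict.fromkeys(nodes, 0)      # virtual source reaches every node at cost 0
    for _ in range(len(nodes)):
        changed = False
        for x, y, c in constraints:     # edge y -> x with weight c
            if dist[y] + c < dist[x]:
                dist[x] = dist[y] + c
                changed = True
        if not changed:
            return True                 # fixed point: dist is a satisfying assignment
    return False                        # still relaxing: negative cycle, no solution

def strcpy_overflow(dst, src):
    # strcpy writes len(src)+1 bytes, so it overflows iff len(src)+1 > alloc(dst),
    # which over integers is alloc(dst) - len(src) <= 0.
    return [(f"alloc({dst})", f"len({src})", 0)]

def may_overflow(dependent, danger):
    """Report only if the dependent statements and the overflow condition
    can hold at the same time."""
    return feasible(dependent + danger)

# Constructed sample: char dst[16]; src is external input of unknown length >= 0.
DECLS = [("alloc(dst)", ZERO, 16), (ZERO, "alloc(dst)", -16), (ZERO, "len(src)", 0)]
# Control relationship: the call sits under  if (strlen(src) < sizeof(dst))
GUARD = [("len(src)", "alloc(dst)", -1)]
# Data dependence: src is a literal of length 8.
LITERAL = [("len(src)", ZERO, 8), (ZERO, "len(src)", -8)]

if __name__ == "__main__":
    danger = strcpy_overflow("dst", "src")
    print("unguarded:", may_overflow(DECLS, danger))
    print("guarded:  ", may_overflow(DECLS + GUARD, danger))
    print("literal:  ", may_overflow(DECLS + LITERAL, danger))
```

The guarded call is the case where an analysis that ignores the control relationship would raise a false alarm; here the guard makes the system infeasible, so nothing is reported.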

Description

Technical field

[0001] The present invention relates to a technique for detecting buffer overflows in computer software source code; more precisely, it relates to a method for detecting buffer overflows in source code based on solving systems of inequalities, and belongs to software security technology in the field of information security.

Background technique

[0002] In today's information society, computer software is becoming more and more important. Continuous innovation in software development technology enables software to provide very rich and powerful functions, while the interface presented to users becomes simpler and more convenient. However, the security risks associated with software are also increasing day by day. Not only is their number far greater than ever before, but the degree of harm is also extremely serious. The large scale of software, the instability of newly developed software technology and the defects of classic software technology will all ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/22, G06F21/12
Inventor: 徐国爱, 张淼, 刘宇航, 杨义先
Owner BEIJING UNIV OF POSTS & TELECOMM