
Article information

  • Title: Program Slicing Based Buffer Overflow Detection
  • Authors: Yingzhou Zhang; Wei Fu; Xiaofei Qian
  • Journal: Journal of Software Engineering and Applications
  • Print ISSN: 1945-3116
  • Electronic ISSN: 1945-3124
  • Publication year: 2010
  • Volume: 3
  • Issue: 10
  • Pages: 965-971
  • DOI: 10.4236/jsea.2010.310113
  • Publisher: Scientific Research Publishing
  • Abstract: The development of the information technology has brought threats to human society when it has influenced seriously the global politics, economics and military etc. But among the security of information system, buffer overrun vulnerability is undoubtedly one of the most important and common vulnerabilities. This paper describes a new technology, named program slicing, to detect the buffer overflow leak in security-critical C code. First, we use slicing technology to analyze the variables which may be with vulnerability and extract the expressions which will bring memory overflow. Secondly, we utilize debug technology to get the size of memory applied by the variable and the size of memory used for these code segments (the slicing result) further. Therefore we can judge whether it will overflow according to the analysis above. According to the unique excellence of program slicing performing in the large-scale program’s debugging, the method to detect buffer overrun vulnerability described in this paper will reduce the workload greatly and locate the code sentences affected by corresponding variable set quickly, particularly including the potential vulnerability caused by parameter dependence among the subroutines.
  • Keywords: Program Slicing; Buffer Overflow; Inter-Procedure Slicing; Debug; System Dependence Graph