北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2008, Vol. 31 ›› Issue (6): 90-93.doi: 10.13190/jbupt.200806.90.193

• 研究报告 • 上一篇    下一篇

基于整型变量一致化的整数溢出检测

徐国爱1, 张 淼1, 陈爱国1, 李忠献2   

  1. (1. 北京邮电大学 灾备技术国家工程实验室, 北京 100876; 2. 天津市国瑞数码安全系统有限公司, 天津 300052)
  • 收稿日期:2008-05-04 修回日期:2008-09-11 出版日期:2008-12-31 发布日期:2008-12-31
  • 通讯作者: 徐国爱

An Integer Overflow Detection Method Based on Integer Variable Unification

XU Guo-ai1, ZHANG Miao1, CHEN Ai-guo1, LI Zhong-xian2   

  1. (1. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. National Cybernet Security Limited, Tianjin 300052, China)
  • Received:2008-05-04 Revised:2008-09-11 Online:2008-12-31 Published:2008-12-31
  • Contact: XU Guo-ai

摘要:

在研究整数溢出产生原因的基础上,提出基于整型变量一致化处理且面向软件源代码整数溢出的检测方法.该方法将整数溢出检测问题抽象为1个多元不等式组求解的问题,用以解决上下文环境对整数溢出检测的影响.实例分析表明,该方法可有效解决源代码中整数溢出漏洞的检测问题.

关键词: 整数溢出, 静态代码分析, 控制流分析, 信息安全

Abstract:

Through analyzing the principium of integer overflow, an integer overflow detection method on software source code is proposed which is based on integer variable unification. We presented the integer variable unification method and defined three unified actions which were used in three given cases. Then the detection process was described, it simplified integer overflow flaw into mathematic inequalities, and removed the influence of context to the objective variable. Finally, instances were provided to demonstrate the effectiveness and practicability of the presented method.

Key words: integer overflow, static analysis, control flow analysis, information security

中图分类号: