Design and Implementation of the Front End of a Software Safety Checking Tool
Abstract
The software safety checking tool studied and discussed in this paper performs security analysis on a program at compile time. It checks as comprehensively as possible for security vulnerabilities in the analyzed program, so that these vulnerabilities do not cause more serious problems at run time.

The software safety checking tool is composed of a front end and a back end. This paper first discusses the role and significance of building symbol tables and generating abstract syntax trees in the front end. It then carefully analyzes and studies the grammar rules provided by ANTLR, an automatic parser generator. On this basis, using syntax-directed translation, symbol tables are built and abstract syntax trees are generated by adding semantic actions and tags to the productions of the grammar rules. This work makes full use of the automatic generation mechanism provided by ANTLR, which improves the reliability and extensibility of the front end and lays a good foundation for the construction of the back end.

Finally, the paper analyzes the forms taken by security vulnerabilities related to memory resources and describes how the front end checks for them: by adding semantic actions to the ANTLR grammar rules and the symbol table modules, following well-designed algorithms. Practice has shown that the front end meets the need for checking the vulnerabilities described above.
