Research and Design of a C++ Code Defect Detection System
Abstract
With the rapid development of the information industry, demands on the security and reliability of software systems keep rising, and software testing faces major challenges. Automated detection based on static analysis is of great importance for improving software quality: it can check program code at every stage of software development, effectively improving the quality and speed of testing and greatly reducing its cost.
This thesis designs a defect detection model based on an XML intermediate carrier model. The model performs lexical and syntactic parsing of the program source code, extracts the useful state and attribute information from it, and, exploiting XML's good extensibility and compact data storage, imports the parsed code attribute information into the XML intermediate carrier model. Defect rules from secure coding standards are described as defect patterns; using the XQuery query language, each defect pattern is translated into a corresponding XQuery defect-matching expression, which is run against the intermediate carrier model to find the problem nodes that match the pattern. Finally, a defect relocation mechanism maps each detected defect precisely back to the program source code.
On this basis, the MISRA C++:2008 safety rule set is analysed in depth and a rule-based automatic defect detection system is designed. The system performs comprehensive and accurate security checks on programs written in C/C++. Extensive practical testing shows that the system can effectively improve the security and reliability of software systems and has considerable practical value.
With the rapid development of the information industry, awareness of software security and system reliability is increasing. As an important means of improving software security and reliability, automated software testing based on static analysis is of great significance for improving software quality: it can check program code at all stages of software development, effectively improve the quality and speed of software testing, and dramatically reduce development costs.
In this paper, a defect detection model based on an XML intermediate host model is designed. The source code is interpreted through the model's syntax-directed parse, so that the useful status attribute information of the code is extracted. Taking advantage of XML's extensibility and data storage properties, the status attribute information is imported into the XML intermediate host model. With the help of the vulnerability pattern, an XQuery expression is designed to locate, in the XML intermediate host model, the security vulnerabilities matching the pattern. Finally, the detected software defects are redirected accurately from the XML intermediate model back to the source file.
An automatic static vulnerability detection system based on safety rules is designed through in-depth research on MISRA C++:2008. This detection system gives comprehensive and accurate detection for C/C++ language programs. As substantial tests show, the system can effectively improve the security and reliability of software systems, and its application value in software defect detection is very high.
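The pipeline the abstract describes (parse the source, store node attributes in an XML intermediate model, match a defect pattern with a query, relocate hits to source lines), as an added example that is not the thesis' own code. It assumes a tiny line-oriented front end for a constructed C++ snippet, element and attribute names of my own choosing, and ElementTree's XPath subset in place of the thesis' XQuery expressions; the rule checked (a switch statement without a default clause) is a check of the kind the MISRA C++ guidelines contain, used here for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed C++ input (not from the thesis): the first switch lacks a default clause.
SAMPLE_CPP = """\
int classify(int x) {
    switch (x) {
        case 0: return 1;
    }
    return 0;
}
int safe(int y) {
    switch (y) {
        case 0: return 1;
        default: return -1;
    }
}
"""

# A defect pattern: nodes to inspect plus a child they must carry (XPath subset standing in for XQuery).
RULES = [{"id": "SWITCH-NO-DEFAULT", "select": ".//switch", "require": "default",
          "msg": "switch statement without a default clause"}]

def build_model(src):
    """Tiny line-oriented front end: models only function, switch, case and default;
    every node records the 1-based source line it was parsed from (for relocation)."""
    root = ET.Element("translation_unit")
    stack = [root]                          # innermost open block on top
    for lineno, line in enumerate(src.splitlines(), 1):
        text = line.strip()
        if text.startswith("switch"):
            stack.append(ET.SubElement(stack[-1], "switch", line=str(lineno)))
        elif text.startswith(("case", "default")):
            kind = "default" if text.startswith("default") else "case"
            ET.SubElement(stack[-1], kind, line=str(lineno))
        elif m := re.match(r"\w[\w\s*&]*\s+(\w+)\s*\(.*\)\s*\{", text):
            stack.append(ET.SubElement(stack[-1], "function", name=m.group(1), line=str(lineno)))
        elif text.startswith("}"):
            stack.pop()                     # block closed: back to the parent node
    return root

def find_defects(src, rules):
    """Run every pattern over the model and relocate each hit to its source line."""
    model, lines, hits = build_model(src), src.splitlines(), []
    for func in model.findall(".//function"):          # keep the enclosing function name
        for rule in rules:
            for node in func.findall(rule["select"]):
                if node.find(rule["require"]) is None:  # pattern matched: required child absent
                    ln = int(node.get("line"))
                    hits.append({"rule": rule["id"], "function": func.get("name"), "line": ln,
                                 "source": lines[ln - 1].strip(), "msg": rule["msg"]})
    return hits
```

`find_defects(SAMPLE_CPP, RULES)` reports one hit, the switch on line 2 of `classify`, with the original source line attached; a real system would replace the front end with a full C++ parser and the dictionary with an XQuery expression over the same node structure.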