| C language widely used by embedded application softwares, such as Aerospace softwares, is not a safe programming language.An important reason is that there are a large number of undefined behaviors and unsafe usages in theirs standard. It will bring a serious security violations and bring down the software quality and the software security and reliability if not used properly. At present, the common practice to avoid security vulnerabilities is to develop security sub-set of embedded C programming language and theirs source codes audit system in order to detect the security vulnerabilities automatically.In this paper, a software static detecting model and a source codes audit system based on XML intermediate model and vulnerabilities patterns are designed by referring to design principle of the compiling system on the basis of researching GJB 5369-2005.In view of the advantage of data storage and data exchange, the source code is interpreted as through the syntax-directed parse, while safety rules are translated into vulnerabilities patterns.An Xquery expression is designed to locate security vulnerabilities matching the vulnerability pattern from the XML intermediate model with the help of vulnerability pattern. Finally, redirection of software detects is carried out from the XML intermediate pattern to the source file accurately.C_Detector running on Windows has been developed using Visual Studio2008 development platform. The experimental result shows that this method can effectively detect the software vulnerabilities in violation of safety rules. Besides, free configuration and expansion are realized through the system interface used to customized rules.This system can not only detect the code automatly, but also provide a configuration interface of security rules.Finally, through analysing C_Detector, the application value in detecting software vulnerabilities and improving software security level can also be shown. |
PDF Full Text Request