| A security vulnerabilities inspection mechanism based on state machine, which is used to support external definition of security rules during security analysis and inspect the security vulnerabilities for a C/C++ program static security checker, is designed and implemented in this thesis.Firstly, basic theories about security vulnerabilities is studied, and a security vulnerabilities inspection mechanism based on the state machine is presented according to the actual needs of the C/C++ program static security checker. Secondly, the advanced technique and its trend in development nowadays about external definition of security rules are discussed, and the security rules descriptive language which adopts a conception-state machine, related data structures and the security rules parser are designed and implemented. Thirdly, based on the control flow graph and data flow analysis, a state transition processor is designed and implemented, which is responsible for achieving the state attachment and transition of some variables according to the security rules during security analysis in order to inspect security vulnerabilities. The overall workflow and related algorithms in the processor are discussed in detail. Finally, the application of control flow graph and alias information in the security analysis is discussed, and it is demonstrated by example that the mechanism meets the requirements of the security checker. |
PDF Full Text Request