| With the widespread use of computer technology in all aspects in our society and the existence of attacks caused by software vulnerabilities, software security is becoming more and more important。Although there is not prefect software in the world, we can try our best to reduce vulnerabilities of software.C programming language, flexible and efficient, is widely used in operating systems compile and other application software designs. However, more and more vulnerabilities begin to emerge due to its lack of security mechanism. In this thesis, directly against format string vulnerabilities, a new system FSDS (Format String Vulnerability Detection System) will be presented.First, we analyze investigative actuality of format string vulnerabilities as well as the causes, damages of the vulnerability and also compare varied security leakage detection technologies.Second, we discuss the theory and the application of type qualifiers proposed by Shankar in detail. Based on type qualifiers, we develop detection system of FSDS, by which we detect Cfengine, Muh, Smbftpd and find format string vulnerabilities.Finally, we compare our detection system FSDS with Pscan, FormatShield and so on. Our detection system FSDS which don't need complicated preparation and program execution before use can protect against arbitrary memory read, write attempts and support wrapped functions. What's more, our FSDS has a user-friendly interface and easy to use. |
PDF Full Text Request