
Research And Implementation Of The Detection Method For Tainted Data And Deadlock

Posted on: 2011-01-13
Degree: Master
Type: Thesis
Country: China
Candidate: P L Peng
GTID: 2178360308461634
Subject: Computer Science and Technology

Abstract/Summary:
With the widespread use of web applications, network security has attracted considerable public attention, and how to detect security vulnerabilities in software and how to reduce software risk has become a new research field. Tainted data (TD) and deadlock are two typical types of security vulnerabilities. This thesis studies both and describes in detail the design and implementation of detection for TD and deadlock.

The main content and contributions of this thesis are listed below.

Firstly, this thesis summarizes the advantages and disadvantages of existing approaches to detecting TD and deadlock. Existing static detection methods for TD are mainly path-insensitive, so they may produce a large number of false positives, while current deadlock detection methods cannot solve this complex problem directly and effectively.

Secondly, this thesis refines the existing methods. A path-sensitive and context-sensitive detection system for TD is designed and implemented, and a new framework for deadlock detection is designed as well. This framework divides the complex problem of deadlock detection into four sub-problems, which can be solved directly by existing static analysis technologies, including reachability analysis, alias analysis, parallel analysis and gatelock analysis.

Finally, this thesis compares its test results with those of another static analysis tool, Klocwork. According to the experimental results, we found that our algorithm could reduce the number of false positives and false negatives more effectively than Klocwork.

In conclusion, the results of this research enrich the approaches to deadlock detection and have a certain theoretical and practical importance. In addition, this thesis provides an effective approach for TD detection.
Keywords/Search Tags: tainted data, deadlock, static analysis, dataflow analysis, alias analysis, Klocwork