| Nowadays, software security vulnerabilities have become the important way of hack attack. Any security vulnerability introduced by software design or implementation could be a security incident and bring a big loss in the future.Array index out of bounds is the most common form of buffer overrun vulnerabilities. It is common in software of using the array type. The vulnerabilities will bring less loss if we earlier find the potential vulnerabilities of software.Firstly, the classification of software security vulnerabilities and several important static analysis methods are analyzed and the problem of array index out of bounds is discussed in this paper.Secondly, an useful static analysis method for detecting array index out of bounds in Java program is presented. This method is based on integer range constraint which uses capacity and index range to depict the array variable. The description attributes of every array variable and every integer variable are treated as the program state.Then we use integer range constraint to depict the changes of program state and generate the constraint system. After that, we solve the constraint system to get its least solution and compare the capacity with the index range of the array variable to judge whether there is a vulnerability. This method takes function as processing units and deals every function from bottom to up according to the function calls without considering the existing of recursive function.Finally, the design and implementation of the system for detecting array index out of bounds in Java program is introduced with the test results. |
PDF Full Text Request