Design And Implementation Of Security Vulnerability Analyzer Based On Automaton

A security vulnerability inspection mechanism based on Automaton Theory is designed and implemented for a C/C++program static security checker in this thesis, which can support the users of the checker to define custom security rules and analyze security rules dynamically.Firstly, basic theories about security vulnerabilities are introduced in this thesis. On this base, the security vulnerability inspection mechanism based on automaton theory is discussed, and automaton description language grammer based on pattern and Automata Semantics structure is designed and implemented for the security vulnerability inspection mechanism. In order to improve the accuracy of the analysis, the pattern matching algorithm, semantic Analyzer and interprocedual analysis is designed and implemented. Pattern matching utilizes abstract syntax tree isomorphism algorithm; Pointer semantics determines the semantics of programs through semantic constraints to check out security vulnerabilities; Interprocedural analysis adopts summary-based context sensitive analysis. Finally, experiments are designed and the results illustrate the security inspection mechanism based on automaton in the thesis can check out security vulnerabilities in the source code effectively.