Research And Implementation Of Security Analysis Tools Based On Customized Rules

Posted on: 2017-05-30 | Degree: Master | Type: Thesis
Country: China | Candidate: X Lu | Full Text: PDF
GTID: 2348330542950329 | Subject: Engineering
Abstract/Summary:
This thesis arises from a project on the static analysis of C code at Huawei. The project defines a security coding specification for C, and the static security detection of C programs described here is built on that specification. The project aims to give C programmers a relatively automatic and customizable code detection method that helps them find software security vulnerabilities and so ensure the security of software products.

The thesis designs a tool with a customizable security check module, whose main process is to perform checks using the path information of the source program. Vulnerabilities in the source program are detected by traversing paths together with the related source program information and analyzing whether the security rules specified in the text can be matched completely. The first step is to input the external security rules into the security analyzer for analysis; the security rules are stored in the program's data structures. Then, for any path, based on data flow analysis, the source program information stored on the control flow nodes is compared with the stored security rules, and the detector raises an alert when an illegal transition occurs with respect to the corresponding security rule.

First, a grammar model is designed for the customized rules, so that the rules can model most of the structures found in C source programs. An algorithm that matches the rule model against the source program is then designed and implemented. In the model, the security rules are represented in abstract syntax tree form, and the matching algorithm is based on tree isomorphism. The security analyzer reads the security rules written by external users, matches them against the source code for security analysis, and finally finds the security vulnerabilities.

The first key point of the project is constructing the abstract syntax tree and adding semantic actions to the syntax tree to carry out code placement and operation. The second key technology is to use the traverser provided by the abstract syntax tree tools to add semantic actions for the security rules, so that pattern matching can be carried out; vulnerabilities in the code are detected according to the degree to which the rules match the source code. The third point is the design and implementation of state transition control once pattern matching is completed.

Finally, the security analysis tool is tested and analyzed. By writing security rules and running them against test cases, fairly satisfactory vulnerability detection results are obtained, and the function of the security analysis tool is realized. The performance of the tool is also tested, and the validity and performance of the security analysis tool based on customized rules are verified. The thesis recognizes that many problems still need to be improved.
Keywords/Search Tags:Software security, Static analysis, Security rules, Customization tool