| Now that the Internet is booming,software developers think of ways to increase the efficiency of program execution.As multi-core processors and parallel distributed systems are widely used,concurrent programming is increasingly favored by more and more developers.Although concurrent programs are widely used at present,the uncertainty of program execution introduces a new problem,that is,a concurrent vulnerability.C language is the most widely used programming language,but for performance reasons,it does not do multi-threaded checking,the program execution process will call multiple threads,the multiple threads to share system memory,at the same time,multiple Threads compete for shared resources,and perform different operations,it will hinder the operation of other threads,resulting in the thread of insecurity.Therefore,the development of a program for the C vulnerability detection program is of great significance.This article focuses on the static analysis and detection techniques of concurrent vulnerabilities.From the perspective of concurrent programs,according to the characteristics of its analysis of the characteristics of concurrent vulnerabilities to achieve concurrent detection of C programs loopholes in the program mainly for the following work:(1)Analyze the characteristics of concurrent programs to summarize the characteristics of concurrent vulnerabilities,and then put forward the technical challenges according to the current status of concurrent vulnerability detection technologies(2)From the source code level of the software program,it analyzes the causes of "dirty cow" loopholes.The analysis found that the "dirty cow" vulnerability is due to a competitive conflict between the Linux kernel memory subsystem and the write-on-copy mechanism for handling private read-only memory mappings,resulting in the destruction of private read-only memory maps.The race condition is caused by the introduction of a thread scheduling function,the execution of multiple threads of uncertainty,resulting in the thread of insecurity.(3)According to the reason of "dirty cow" loopholes,we further analyze the multi-threading phenomenon in concurrent programs and conclude that the concurrent loopholes always occur in the case of multi-threading.The detection of concurrent vulnerabilities should locate the thread of software code function.(4)Constructing test cases for competition condition and deadlock vulnerability.Based on the taint analysis technology,a static analysis and detection scheme was formulated by means of primitive model marking,and the test scheme was verified by experiments. |
PDF Full Text Request