| With the rapid development of computer technology, the demand for software in all walks of life is growing, and more and more people are enjoying the convenience brought by software systems. However, the development of information technology is inevitably confronted with vulnerabilities in software, and if these vulnerabilities are not identified in a timely manner, they bring great hidden dangers and seriously threaten the security of software, as is the case with buffer overflow vulnerabilities. The study of vulnerability detection theories, models and techniques is not only necessary for detecting vulnerabilities such as buffer overflows, but also helps to resolve the inconvenience and losses that software vulnerabilities cause to users, which is of great significance for protecting users’ privacy and property security. At present, considerable research results have been achieved in the area of vulnerability detection, but research on using taint analysis to address buffer overflow vulnerabilities is still not comprehensive, mainly in the following aspects: First, current taint analysis for buffer overflow vulnerabilities focuses only on external input data that can lead to vulnerabilities, while some internal system data can also lead to The second is that the impact of control flow is not taken into account in the detection process. Some programs adopt buffer overflow protection mechanisms to prevent buffer overflows from occurring; detection that does not take into account the impact of control flow on the program path and data size results in a high false alarm rate. To address these shortcomings, the main work of this paper is described as follows: 1. This article proposes a model for buffer overflow vulnerability detection by studying and analysing the source code of the vulnerability, combining taint analysis techniques with finite state automata theory. In order to address the
impact of internal data and control flow on detection, internal data that may trigger vulnerabilities are marked during taint analysis, and finite state automata are used to formally describe the spatial state of the program under test, improving the accuracy and precision of vulnerability detection. 2. To measure the feasibility and effectiveness of the buffer overflow vulnerability detection model in terms of accuracy, miss rate and false alarm rate, the open source Juliet Test Suite was selected for experimentation, and the open source static analysis tools cppcheck and splint were selected for validation and comparison. The validation results show that the buffer overflow vulnerability detection model and method proposed in the paper have good vulnerability detection capability. The research in this paper is derived from practical project requirements. Based on the methods in this paper, a prototype buffer overflow vulnerability detection system, BOVDM-VDS, was designed and implemented on a domestic operating system. The main models in the BOVDM-VDS system are a taint analysis module, a finite state automaton generation module and a vulnerability detection report generation module. By comparing and analysing the test results on open source datasets, the method is shown to be feasible and effective. Figure[34] Table [15] reference[82]... |