一种格式化字符串脆弱性动态检测技术
A Dynamic Detection Technique to Format String Vulnerability
-
摘要: 为了提高计算机软件的安全性, 对C程序中的格式化字符串脆弱性的原理、特征进行了分析, 在分析的基础上提出了一种动态检测技术.利用此检测技术实现的一种格式化字符串脆弱性检测工具能较准确地检测到C目标程序中的格式化字符串脆弱性.分析结果对编写更安全的C程序具有参考价值, 检测技术具有实用价值.Abstract: In order to improve the security of computer software, the principle and the feature of format string vulnerability in C programs are analyzed.Based on the analysis, a dynamic detection technique is advanced.By taking use of the technique, a detection tool is produced.The tool can efficiently detect format string vulnerabilities in C binary programs.The analysis result can be a reference to make more secure C programs, and the detection technique is practical.