| 源码审核技术中的词法分析 |
| |
| 作者姓名: | 肖锋 张玉清 |
| |
| 作者单位: | 1. 西安电子科技大学计算机网络与信息安全教育部重点实验室, 西安 710071;
2. 中国科学院研究生院国家计算机网络入侵防范中心, 北京 100049 |
| |
| 基金项目: | 国家自然科学基金(60573048,60773135,90718007)和国家863计划项目(2007AA01Z427,2007AA01Z450)资助 |
| |
| 摘 要: | 源代码审核是指在编码阶段发现和修正软件源代码中存在的安全漏洞,词法分析是源代码审核中的一项重要技术.详细分析了词法分析的实现过程,完善了危险函数数据库,优化了特征分析方法,特别是将贝叶斯理论成功运用于词法分析,并成功开发出一个词法分析工具SSCAN.测试结果表明,SSCAN比主流词法分析软件Flawfinder和Rats具有更高的完整性和准确性.
|
| 关 键 词: | 源代码审核 词法分析 特征分析 贝叶斯决策 |
| 收稿时间: | 2008-06-28 |
| 修稿时间: | 2008-11-06 |
Lexical analysis in source code analysis |
| |
| Authors: | XIAO Feng ZHANG Yu-Qing |
| |
| Institution: | 1. Key Lab of Computer Networks and Information Security of Ministry of Education, Xidian University, Xi'an 710071, China;
2. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | Source code analysis means detecting and correcting the security vulnerabilities of these software in time during the coding stage, and lexical analysis is one of the important techniques in it. In this paper, we manage to detailedly analyze the implement process of lexical analysis, improve dangerous function database, optimize the method of features analysis,and particularly introduce Bayesian theory to the lexical analysis. In addition, a lexical analysis tool SSCAN is designed and implemented successfully, which is proved to have higher integrity and accuracy than mainstream open-source lexical analysis software Flawfinder and Rats by several tests. |
| |
| Keywords: | source code analysis lexical analysis features analysis Bayesian theory |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
