计算机工程与应用 ›› 2022, Vol. 58 ›› Issue (8): 96-108.DOI: 10.3778/j.issn.1002-8331.2010-0354

• 网络、通信与安全 • 上一篇    下一篇

基于抽象内存模型的内存相关漏洞检测方法

许健,陈平华,熊建斌   

  1. 1.广东工业大学 计算机学院,广州 510006
    2.广东技术师范大学 自动化学院,广州 510665
  • 出版日期:2022-04-15 发布日期:2022-04-15

Memory-Related Vulnerability Detection Method Based on Abstract Memory Model

XU Jian, CHEN Pinghua, XIONG Jianbin   

  1. 1.School of Computer, Guangdong University of Technology, Guangzhou 510006, China
    2.School of Automation, Guangdong Polytechnic Normal University, Guangzhou 510665, China
  • Online:2022-04-15 Published:2022-04-15

摘要: 针对现有的内存相关漏洞检测方法中存在依赖指针数据流而导致大量误报漏报、缺乏漏洞特征的形式化描述以及漏洞特征描述不全面的问题,提出一种基于抽象内存模型的内存相关漏洞检测方法。对抽象内存模型进行相关定义;基于抽象内存模型,对内存泄露、重复释放内存和读写释放后的内存这三种与内存相关的漏洞类型的特征进行形式化符号表示;基于代码的控制流图,利用可行路径求解算法得到代码的所有可行路径,并对所有可行路径上的抽象内存进行运行时状态判定,从而检测代码是否存在内存相关的漏洞;使用Juliet Test Suite中的CWE401、CWE415、CWE416三个内存相关漏洞的测试数据集对提出的检测方法进行验证,实验结果表明,相比依赖指针数据流的检测方法,该方法在内存相关漏洞检测的误报率和漏报率均降低。

关键词: 内存相关漏洞检测, 抽象内存模型, 内存泄漏, 重复释放内存, 读写释放后的内存

Abstract: Aiming at the problems of the existing memory-related vulnerability detection model algorithms that rely on pointer data flow which is resulting in a large number of false positives and false negatives, lack of formal description of vulnerability characteristics, and incomplete description of vulnerability characteristics, a method for memory-related vulnerability detection based on abstract memory model is proposed. Firstly, it defines the abstract memory model. Then, based on the abstract memory model, it formalizes and symbolizes the characteristics of the three types of memory-related vulnerabilities:memory leak, double free, and use after free. Secondly, based on the control flow graph of the code, it uses the feasible path solving algorithm to obtain all feasible paths of the code, and the runtime state of the abstract memory is determined on all feasible paths to detect whether the code has memory-related vulnerabilities. Finally, the detection method is verified on the three test data sets of CWE401, CWE415, and CWE416 related to memory vulnerabilities in Juliet Test Suite, and the experimental results show that compared with the detection methods that rely on pointer data flow, the false positive rate and false negative rate of the method in the detection of memory-related vulnerabilities are reduced.

Key words: memory-related vulnerabilities detection, abstract memory model, memory leak, double free, use after free