Page 25 - Journal of Software (Ruan Jian Xue Bao), 2020, Issue 10

Gao Fengjuan et al.: Static detection method for array out-of-bounds defects based on taint analysis    3001

