%0 Journal Article
%T 基于符号执行的注入类安全漏洞的分析技术<br>Static Analysis of Injection Security Vulnerabilities Based on Symbolic Execution
%A 孙基男
%A 潘克峰
%A 陈雪峰
%A 张君福
%J 北京大学学报（自然科学版）
%D 2018
%R 10.13209/j.0479-8023.2017.101
%X 摘要 用符号值作为输入, 模拟程序执行, 提取执行路径上相应的约束条件, 即安全约束、攻击约束以及防御约束, 并构成可满足矩阵(SAT)以及不可满足矩阵(UNSAT)两个注入类漏洞安全分析与检测模型, 矩阵模型的求解结果可映射为注入类安全漏洞的安全状态。对Web应用注入类漏洞的检测实验表明, 与目前安全分析主流工具相比, 该分析技术具有降低误报率、漏报率、能自动生成攻击向量等优点。<br>Abstract This research work receives symbols as input variables, simulates the execution of program, extracts the constraints binding with execution paths, such as security constraints, attack constraints and defense constraints, and constructs the SAT judgment matrix and UNSAT judgment matrix as injection vulnerabilities analysis models. According to the logical reduction results of the matrices, the states of injection vulnerabilities are decided. In the controlled experiments, the false positive and false negative ratios are greatly reduced, and the prototype system can generate correct exploits automatically.
%K 注入类安全漏洞
%K 符号执行
%K 程序静态分析
%K Web应用安全&lt
%K br&gt
%K injection vulnerability
%K symbolic execution
%K static analysis
%K web application security
%U http://xbna.pku.edu.cn/CN/abstract/abstract3159.shtml