摘要： 给出缓冲区溢出的基本原理和现有检测技术，针对二进制可执行文件中存在的缓冲区溢出漏洞，提出一种缓冲区溢出检测模型，该模型采用静态检测和动态检测相结合的方法。对检测结果采取污点跟踪法进行人工分析，采用插件技术给出缓冲区溢出检测模型的具体设计。实验结果证明该模型的设计是有效的。

关键词: 缓冲区溢出, 可执行文件, 静态检测, 动态检测, 人工分析

Abstract: This paper describes the basic principles of buffer overflow and the current detection technology, and presents a detection model for buffer overflow vulnerability on binary executable file. The model uses static and dynamic detection technologies, and analyzes artificially the result in stain-tracking way. It gives specific reality for the detection model for buffer overflow in plug-in technology. Experimental results show effectiveness of the defection model.

Key words: buffer overflow, executable file, static detection, dynamic detection, artificial analysis

中图分类号: 

• TP393.8