计算机工程

• 安全技术 • 上一篇    下一篇

基于依赖的J2EE程序污点分析方法

郭帆,周轩   

  1. (江西师范大学 计算机信息工程学院,南昌 330022)
  • 收稿日期:2015-04-20 出版日期:2016-06-15 发布日期:2016-06-15
  • 作者简介:郭帆(1977-),男,副教授,主研方向为网络与信息安全;周轩,硕士研究生。
  • 基金项目:
    国家自然科学基金资助项目(61562040,61562041)。

J2EE Program Taint Analysis Method Based on Dependency

GUO Fan,ZHOU Xuan   

  1. (College of Computer and Information Engineering,Jiangxi Normal University,Nanchang 330022,China)
  • Received:2015-04-20 Online:2016-06-15 Published:2016-06-15

摘要: 污点分析通常采用近似或简化方法对大规模程序进行分析,导致分析结果不精确。为此,扩展现有变量依赖关系定义,对不同方法参数的依赖关系以及域变量和参数的依赖关系进行建模,提出一种面向J2EE程序、基于需求的数据依赖图构建方法。根据预定义的污点分析方法和扩展定义的依赖关系构建数据依赖边,采用多阶段分析方法遍历依赖图中的依赖路径,以有效分析较大规模程序。实验结果表明,与现有Java污点分析方法TAJ相比,该方法的精确度和时间性能均有较大提高。

关键词: 污点分析, 依赖关系, 建模方法, 数据依赖图, 多阶段分析

Abstract: Taint analysis usually uses approximate or simplified method to analyze large scale program.So that the results are imprecise.In order to solve this problem,by extending current definition of dependency relation,modeling dependent relation between parameters of the method,modeling the relation between heap variable and parameters,this paper presents a new method to construct a demand-based data dependent graph orienting J2EE programs.This method uses predefined taint analysis method and extending definition for dependency relation to build data dependency edges.Multistage analysis method traverses dependency paths in dependency graph so as to analyze large scale programs efficiently.Experimental results show that the method has much improvement on analysis precision and time performance compared with Taint Analysis for Java(TAJ) method.

Key words: taint analysis, dependency relationship, modeling method, data dependency graph, multi-phase analysis

中图分类号: