Abstract:
A testbed which includes the common vulnerabilities is built. The paper compares three typical and publicly available tools by applying them to the testbed individually for sake of preventing intrusion. The result reveals that the tools building on finding vulnerable library functions have low false negatives rates but high false positives rates, the constrained based tools have low false positives rates but high false negatives rates, and the module checkers have high true positives rates when finding attacks against given security rules, but have high false negatives rates when finding many kinds of vulnerabilities.
Key words:
Intrusion prevention; Static analysis; Buffer overflow; Format string bugs; Race condition
摘要: 建立了一个具有常见漏洞的测试代码,然后通过扫描测试代码来比较3 个典型应用静态分析技术来防范入侵的常用工具。比较结果揭示了检查漏洞库函数的工具漏报率较低,但误报率较高;基于约束分析的工具误报率较低,但漏报率较高;利用软件模型来检测漏洞的工具在检测违背指定安全规则的漏洞时漏报率较低,但在检测具有许多安全漏洞类型的程序时漏报率却非常低。
关键词:
防范入侵;静态分析;缓冲区溢出;格式化串溢出;竞争条件
WU Chunmei, XIA Nai, MAO Bing. A Comparison of Static Analysis Technology for Intrusion Prevention[J]. Computer Engineering, 2006, 32(3): 174-176,253.
吴春梅,夏 耐,茅 兵. 防范入侵的静态分析技术比较[J]. 计算机工程, 2006, 32(3): 174-176,253.