【摘要】：隨著計算機網(wǎng)絡的快速發(fā)展和開源思想的普及,網(wǎng)絡上開源代碼、算法和功能模塊等與軟件開發(fā)相關的信息不斷豐富著計算機軟件的開發(fā)工作,并且一些軟件在一定程度上會借鑒或引用網(wǎng)絡上的相關開源代碼或者開源框架以減少開發(fā)復雜度和提高開發(fā)效率。但是,網(wǎng)絡上的這些開源代碼和功能模塊可能存在著各種潛在的缺陷,如:安全漏洞、后門代碼和木馬病毒等,在軟件開發(fā)過程中,如果軟件源代碼中引用了有缺陷問題的代碼,該軟件就很可能把缺陷代碼的缺陷問題引入到開發(fā)的軟件中。這種軟件安全問題,是當前安全領域研究的熱點,也是本論文研究的重點。論文介紹了源代碼同源比對及缺陷分析相關技術,在此基礎上,首先對抽象語法樹比對技術進行了改進,提出了基于抽象語法樹剪枝比對算法。該算法能夠有效地發(fā)現(xiàn)一些針對底層數(shù)據(jù)修改的同源代碼,在一定程度上提高了源代碼同源比對結果的準確度。其次,把源代碼程序依賴圖技術應用到缺陷代碼檢測之中,改進了靜態(tài)污點分析技術的相關算法,提出了基于程序依賴關系的缺陷檢測算法。該算法能夠在程序依賴圖結構基礎上結合源代碼靜態(tài)污點分析技術來實現(xiàn)針對缺陷代碼的檢測。論文設計和實現(xiàn)了一種基于源代碼同源比對的缺陷檢測系統(tǒng),該系統(tǒng)使用了基于文本和抽象語法樹的同源比對技術,通過將參與檢測的源代碼文本同系統(tǒng)缺陷代碼庫中缺陷代碼進行同源比對來實現(xiàn)針對源代碼的缺陷檢測;系統(tǒng)支持缺陷代碼庫的管理功能,用戶能夠根據(jù)自身需要選擇、添加和刪除相應的缺陷代碼庫。通過測試,驗證了系統(tǒng)開發(fā)過程中所用到的相關技術的有效性,對系統(tǒng)進行了整體驗證,取得了很好的效果。
[Abstract]:With the rapid development of computer network and the popularization of open-source ideas, the information related to software development, such as open source code, algorithms and function modules, is enriching the work of computer software development. And to some extent, some software will use or reference the related open source code or open source framework on the network to reduce the development complexity and improve the development efficiency. However, these open source code and functional modules on the network may have a variety of potential defects, such as security vulnerabilities, backdoor code and Trojan viruses, in the process of software development, If the source code of the software refers to the defective code, the software is likely to introduce the defect problem of the defect code into the developed software. This kind of software security is a hot topic in the field of security, and it is also the focus of this paper. This paper introduces the related technologies of source code homology alignment and defect analysis. On this basis, the abstract syntax tree alignment technology is improved, and the pruning matching algorithm based on abstract syntax tree is proposed. The algorithm can effectively find some source code modified for the underlying data, and improve the accuracy of source code homology alignment to a certain extent. Secondly, the source code dependency graph technology is applied to defect code detection, and the related algorithms of static stain analysis are improved, and a defect detection algorithm based on program dependency is proposed. The algorithm can detect the defect code based on the structure of the program dependency graph and the static stain analysis technology of the source code. A defect detection system based on source code homology alignment is designed and implemented in this paper. The system uses the technology of homology alignment based on text and abstract syntax tree. The source code text involved in the detection is compared with the defect code in the system defect code base to realize the defect detection for the source code, the system supports the management function of the defect code base, and the user can choose according to his own needs. Add and delete the defect code base. The validity of the related technologies used in the development of the system is verified through the test. The system is verified as a whole and good results are obtained.
【學位授予單位】：北京郵電大學
【學位級別】：碩士
【學位授予年份】：2016
【分類號】：TP311.52

【參考文獻】

相關期刊論文 前10條

1 朱雪梅;王興起;方景龍;王大全;;二進制程序整型符號轉換缺陷的動態(tài)檢測方法[J];計算機工程與應用;2015年18期

2 羅琴靈;蔣朝惠;;多策略軟件代碼缺陷檢測方法研究[J];貴州大學學報(自然科學版);2015年03期

3 李鄭;李姝;王俊;劉士進;;基于抽象語法樹分析的版本控制分支合并算法[J];計算機系統(tǒng)應用;2015年03期

4 陳翔;鞠小林;文萬志;顧慶;;基于程序頻譜的動態(tài)缺陷定位方法研究[J];軟件學報;2015年02期

5 徐濟惠;;基于Simhash算法的海量文檔反作弊技術研究[J];計算機技術與發(fā)展;2014年09期

6 劉鑫;;論計算機軟件安全技術分析[J];民營科技;2014年04期

7 秦曉軍;甘水滔;陳左寧;;一種基于一階邏輯的軟件代碼安全性缺陷靜態(tài)檢測技術[J];中國科學:信息科學;2014年01期

8 劉麗霞;張志強;;基于Trie樹的相似字符串查找算法[J];計算機應用;2013年08期

9 楊軼;蘇璞睿;應凌云;馮登國;;基于行為依賴特征的惡意代碼相似性比較方法[J];軟件學報;2011年10期

10 李虎;劉超;劉楠;李曉麗;;Java源代碼字節(jié)碼剽竊檢測方法及支持系統(tǒng)[J];北京航空航天大學學報;2010年04期

相關博士學位論文 前2條

1 陸華彪;網(wǎng)絡惡意代碼協(xié)同識別與特征提取研究[D];國防科學技術大學;2013年

2 趙云山;基于符號分析的靜態(tài)缺陷檢測技術研究[D];北京郵電大學;2012年

相關碩士學位論文 前2條

1 吳太文;基于缺陷分析的軟件體系結構退化研究[D];中南大學;2013年

2 梁北海;基于污點分析的Java Web程序脆弱性檢測方法研究[D];華中科技大學;2013年

，

本文編號：2222716