Volume 10 Number 9 (Sep. 2015)
Home > Archive > 2015 > Volume 10 Number 9 (Sep. 2015) >
JSW 2015 Vol.10(9): 1079-1085 ISSN: 1796-217X
doi: 10.17706/jsw.10.9.1079-1085

Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods

Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng
China Information Technology Security Evaluation Center, Beijing, 100085, China.

Abstract—The information security problems caused by the software vulnerabilities have became more and more complex. Among these vulnerabilities, the ones existing in memory allocations appear to be difficult to diagnose due to the absence of an appropriate method. In order to solve this problem, we introduce a methodology including four novel frameworks in this paper. The formalization for a program called algebraic transition system is proposed first. It aims to transform the data exchange process and its security attribute of a program into algebraic systems which are able to be considered as objection functions and constraint conditions, respectively. Based on the systems, the behavior and structure of formalization are optimized with bisimulation to reduce the computing cost in the subsequent processes. The determination of bisimulation is implemented by numerical and symbolic computation. Finally, the specific detection of the memory allocation vulnerability in the C program can be changed into a constraints solving problem called Max function which is able to be resolved with the filled function method. The experiment results represent that our approach is feasible.

Index Terms—C program, memory allocation vulnerability, algebraic transition system, bisimulation, formal method.

[PDF]

Cite: Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng, "Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods," Journal of Software vol. 10, no. 9, pp. 1079-1085, 2015.

General Information

ISSN: 1796-217X (Online)
Frequency: Monthly (2006-2019); Bimonthly (Since 2020)
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsw@iap.org
  • Dec 06, 2019 News!

    Vol 14, No 1- Vol 14, No 4 has been indexed by EI (Inspec)   [Click]

  • Apr 16, 2020 News!

    Papers published in JSW Vol 14, No 1- Vol 15 No 1 have been indexed by DBLP     [Click]

  • May 12, 2020 News!

    Vol 15, No 4 has been published with online version     [Click]

  • Aug 01, 2018 News!

    [CFP] 2020 the annual meeting of JSW Editorial Board, ICCSM 2020, will be held in Rome, Italy, July 17-19, 2020   [Click]

  • May 12, 2020 News!

    The papers published in Vol 15, No 4 have all received dois from Crossref     [Click]