Volume 10 Number 9 (Sep. 2015)
Home > Archive > 2015 > Volume 10 Number 9 (Sep. 2015) >
JSW 2015 Vol.10(9): 1079-1085 ISSN: 1796-217X
doi: 10.17706/jsw.10.9.1079-1085

Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods

Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng
China Information Technology Security Evaluation Center, Beijing, 100085, China.

Abstract—The information security problems caused by the software vulnerabilities have became more and more complex. Among these vulnerabilities, the ones existing in memory allocations appear to be difficult to diagnose due to the absence of an appropriate method. In order to solve this problem, we introduce a methodology including four novel frameworks in this paper. The formalization for a program called algebraic transition system is proposed first. It aims to transform the data exchange process and its security attribute of a program into algebraic systems which are able to be considered as objection functions and constraint conditions, respectively. Based on the systems, the behavior and structure of formalization are optimized with bisimulation to reduce the computing cost in the subsequent processes. The determination of bisimulation is implemented by numerical and symbolic computation. Finally, the specific detection of the memory allocation vulnerability in the C program can be changed into a constraints solving problem called Max function which is able to be resolved with the filled function method. The experiment results represent that our approach is feasible.

Index Terms—C program, memory allocation vulnerability, algebraic transition system, bisimulation, formal method.

[PDF]

Cite: Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng, "Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods," Journal of Software vol. 10, no. 9, pp. 1079-1085, 2015.

General Information

ISSN: 1796-217X
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jsw@iap.org
  • Nov 29, 2018 News!

    Papers published in JSW Vol. 13, No. 1- Vol. 13 No. 10 have been indexed by DBLP.    [Click]

  • Aug 24, 2018 News!

    Vol.12, No.8- Vol.13, No.5 has been indexed by EI (Inspec).   [Click]

  • Aug 01, 2018 News!

    [CFP] 2019 the annual meeting of JSW Editorial Board, ICCSM 2019, will be held in Barcelona, Spain, July 14-16, 2019.   [Click]

  • Nov 08, 2018 News!

    The papers published in Vol.13, No. 10 have all received dois from Crossref.

  • Nov 29, 2018 News!

    Vol 13, No. 12 has been published with online version 4 original aritcles from 3 countries are published in this issue.     [Click]