Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods - Volume 10 Number 9 (Sep. 2015) - JSOFTWARE
Volume 10 Number 9 (Sep. 2015)
Home > Archive > 2015 > Volume 10 Number 9 (Sep. 2015) >
JSW 2015 Vol.10(9): 1079-1085 ISSN: 1796-217X
doi: 10.17706/jsw.10.9.1079-1085

Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods

Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng
China Information Technology Security Evaluation Center, Beijing, 100085, China.

Abstract—The information security problems caused by the software vulnerabilities have became more and more complex. Among these vulnerabilities, the ones existing in memory allocations appear to be difficult to diagnose due to the absence of an appropriate method. In order to solve this problem, we introduce a methodology including four novel frameworks in this paper. The formalization for a program called algebraic transition system is proposed first. It aims to transform the data exchange process and its security attribute of a program into algebraic systems which are able to be considered as objection functions and constraint conditions, respectively. Based on the systems, the behavior and structure of formalization are optimized with bisimulation to reduce the computing cost in the subsequent processes. The determination of bisimulation is implemented by numerical and symbolic computation. Finally, the specific detection of the memory allocation vulnerability in the C program can be changed into a constraints solving problem called Max function which is able to be resolved with the filled function method. The experiment results represent that our approach is feasible.

Index Terms—C program, memory allocation vulnerability, algebraic transition system, bisimulation, formal method.

[PDF]

Cite: Deng Hui*, Liu Hui, Guo Ying, Zhang Baofeng, "Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods," Journal of Software vol. 10, no. 9, pp. 1079-1085, 2015.

General Information

ISSN: 1796-217X
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jsw@iap.org
  • Aug 01, 2018 News!

    Papers published in JSW Vol. 13, No. 1- Vol. 13 No. 6 have been indexed by DBLP.    [Click]

  • Aug 01, 2018 News!

    [CFP] 2018 the annual meeting of JSW Editorial Board, ICSTE 2018, will be held in Kuala Lumpur, Malaysia, October 27-29, 2018.   [Click]

  • Aug 01, 2018 News!

    Vol 13, No. 7 has been published with online version 4 original aritcles from 3 countries are published in this issue.      [Click]

  • Jun 25, 2018 News!

    The papers published in Vol.13, No. 6 have all received dois from Crossref.

  • Aug 01, 2018 News!

    The papers published in Vol.13, No. 7 have all received dois from Crossref.