《程序安全檢測技術》課程介紹
程序安全檢測技術課程是網絡與信息安全專業學生的專業選修課之一。通過學習這門課程,使學生掌握程序安全的基本概念,掌握程序安全問題的靜态分析方法,并從實踐角度理解靜态分析方法在安全檢測中的應用,能夠針對各種語言進行代碼安全靜态分析。
1.正确理解什麼是程序安全問題,熟悉常見語言中常見的安全問題,了解每一種安全問題可能導緻的後果和解決方案;
2.正确理解靜态分析的工作方式、基本過程,
3.熟練掌握源程序到中間模型的轉換方法:詞法分析、語法分析、語義分析。
4.熟練掌握常用的靜态分析方法:控制流分析、數據流分析。
5.掌握常見程序安全問題靜态分析方法,緩沖區溢出靜态分析,輸入驗證靜态分析等。
6.C語言常見安全問題及其靜态檢測方法。
課程内容涉及程序安全問題分類、程序安全靜态分析方法基本思想、程序建模、控制流分析、數據流分析、緩沖區溢出安全檢測方法、輸入驗證方法及c語言常見安全問題分析等。通過本課程的學習,使學生掌握程序安全檢測的基礎知識和基本方法,培養學生分析和解決問題的能力,并使其具有程序安全問題分析能力和實現程序安全靜态檢測程序設計實現能力。
Introduction to the Course Program Safety Inspection Techniques
The course of Program Safety Inspection Techniques is one of the optional practice courses for the subject of Internet and Information Security. The aim of the course is to master the basic concept of program safety, the static analysis method to program safety issues and understand the methods in program safety inspection from a practical point of view, in order to apply the static analysis onto various kinds of programing languages.
1. Understand what a program safety issue is, get familiar with the common issues in prevalent programing languages, and get to know the consequences and solutions of such issues.
2. Understand the mechanism and basic procedure of a static analysis.
3. Master the typical transformation method from source code to intermediate models: lexical analysis, syntax analysis and semantics analysis.
4. Master the universal methods of static analysis: control flow analysis and data flow analysis.
5. Master the static analysis methods for common program safety issues: static analysis of buffer overflow and input verification.
6. Common issues and inspection methods for the programming language C.
Contents of the course cover the classification of program safety issues, the basic idea of program safety static analysis, program modeling, control flow analysis, data flow analysis, inspection of buffer overflow, inspection of input verification and common safety issues in C and solutions. The course intends to help the students master the basic knowledge and methods to inspect program safety and develop the ability to analyze and solve practical problems, especially in the field of program safety inspection and in the implementation of static inspection to fix program safety issues.
