CN106611125A - Method for verifying security of compiler - Google Patents

Publication number: CN106611125A
Authority: CN (China)
Application number: CN201611135782.5A
Other languages: Chinese (zh)
Inventor: 王少培
Current Assignee: Luoyang Institute of Electro Optical Equipment AVIC
Original Assignee: Luoyang Institute of Electro Optical Equipment AVIC
Legal status (as listed, not a legal conclusion): Pending
Prior art keywords: compiler, code, codes, target assembly, security

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation

Abstract

The invention provides a method for verifying the security of a compiler. The method comprises the steps of firstly, setting compilation options of the compiler according to an application environment of the compiler; secondly, determining coding standards, and establishing a verification code library according to the coding standards, wherein the verification code library comprises all code structures which possibly occur in an application, and combinations of the code structures; and finally inputting all codes in the verification code library to the compiler to obtain target assembly codes; performing walk-through on grammar of source codes and the target assembly codes to determine whether the source codes are consistent with the target assembly codes or not; and if the source codes are consistent with the target assembly codes, indicating that the compiler is secure, and if the source codes are inconsistent with the target assembly codes, modifying the compiler or the coding standards. According to the method, the security of the compiler is judged without depending on usage experience, instead, the security of the compiler is determined by performing consistency judgment of the target assembly codes and the source codes based on the verification code library; and the method has the advantages of low cost, easy implementation, easy migration and the like.

Description

A method for verifying the security of a compiler
Technical field
The present invention relates to a method for verifying the security of a compiler.
Background art
Computer software is used ever more widely in high-safety fields (e.g., aerospace), and its complexity keeps growing; in these fields the security of the compiler needs to be verified. At present, development in these key areas, both in China and abroad, still remains at the stage of coding directly in assembly, so as to avoid unsafe factors introduced at the compilation stage. However, assembly coding is highly complex and applications are very difficult to implement. In the end, therefore, the route of compiling a high-level language with a compiler still has to be taken.
High-safety fields place strict requirements on the safety and reliability of the compilation process, and current mainstream compilers fall some distance short of these requirements. A general method for verifying compiler security is therefore urgently needed, one that can accommodate the different compilers required by different high-safety application fields.
One existing way to certify compiler security is certification from usage-experience data. However, access to such experience from abroad is restricted, and domestically these high-safety fields do not yet have much experience of this kind that can prove the security of a particular compiler.
Summary of the invention
The purpose of the present invention is to provide a method for verifying compiler security that can verify the security of a given compiler and can readily serve as a basis for the security verification of other compilers.
The method compiles the code in a verification code library on the compiler to be verified to produce target assembly code, then judges the consistency of the verification code and the corresponding assembly code, and concludes whether the compiler is secure.
The technical solution of the present invention is:
The method for verifying compiler security is characterized in that it comprises the following steps:
Step 1: Set the compilation options of the compiler according to the application environment of the compiler; the compilation options include the optimization level, hardware platform and link libraries;
Step 2: Determine the coding standard and build a verification code library according to the coding standard; the verification code library includes all code structures that may occur in the application and the combinations of these code structures; the code structures include data structures, control structures, array lengths and numbers of parameters;
Step 3: Input all the code in the verification code library into the compiler to obtain the target assembly code; perform a walk-through of the syntax of the source code and the target assembly code to determine whether the source code is consistent with the target assembly code; if they are consistent, the compiler is considered secure; if they are inconsistent, modify the compiler or the coding standard.
Beneficial effects
The advantage of the present invention is that the method for verifying compiler security provided does not depend on extensive experience of using a particular compiler to judge its security; instead, based on the verification code library, it determines the security of the compiler by judging the consistency of the target assembly code and the source code. The method has the advantages of low cost, easy implementation and easy migration.
Additional aspects and advantages of the present invention will be set forth in part in the description below, and in part will become apparent from that description or be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the principle of the present invention;
Fig. 2 is a schematic diagram of how the verification code library of the present invention is determined.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. The embodiments are exemplary and intended to explain the invention; they should not be construed as limiting it.
The present invention relates to a method for verifying compiler security. The method solves the problem of determining the consistency between the compiled source code and the target assembly code; it is low in cost, easy to implement and easy to migrate. The compiler security verification flow is: determine the coding standard; determine the driver code that is needed; set the compilation environment; determine the verification code library according to the coding standard; compile the code in the verification code library and judge the consistency of the resulting target assembly code with the source code, to conclude whether the compiler is secure. If they are consistent, the compiler is proved secure; otherwise, the compiler or the coding standard needs to be modified. If another compiler is used, the existing verification code library can be reused after appropriate adjustment and deletion according to the new coding standard.
The present invention is described in further detail below.
Step 1: Set the compilation options of the compiler according to the application environment of the compiler; the compilation options include the optimization level, hardware platform and link libraries.
Different compilation environment parameters produce different compilation results. When facing a specific problem, only the compilation options relevant to that problem need to be set, such as the optimization level, hardware platform and link libraries.
Step 2: Determine the coding standard and build a verification code library according to the coding standard; the verification code library includes all code structures that may occur in the application and the combinations of these code structures; the code structures include data structures, control structures, array lengths and numbers of parameters.
Step 3: Input all the code in the verification code library into the compiler to obtain the target assembly code; perform a walk-through of the syntax of the source code and the target assembly code to determine whether the source code is consistent with the target assembly code. The conclusion on whether the compiler is secure is drawn from the consistency result. If they are consistent, the compiler is proved secure, and during software engineering it is only necessary to keep the code within the scope of the verification code library; otherwise, the compiler or the coding standard needs to be modified.
Because the judgement of compiler security in the present invention is a conclusion drawn on the basis of the verification code library, it is flexible in use: for a specific project, the scope of the verification code library can be narrowed to reduce the verification workload; conversely, to build one large set for use by several or all sub-projects, the scope of the verification code library can be enlarged so that it contains all possible compilation inputs.
For other compilers, or other compilation options of the same compiler, as long as the coding standard is reused, a considerable part of the work already done in determining the verification code library can be reused: the existing verification code library can be reused after appropriate adjustment and deletion according to the new coding standard.
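The following Python example is added here and is not part of the patent. It enumerates a verification code library from a coding standard (Step 2), binds each case to the pinned compilation options (Step 1), and computes which cases can be reused, added or deleted under a new coding standard; the two standards, the option descriptors, the C templates and all function names are constructed for illustration.

```python
import hashlib
from itertools import product

# Step 1: pinned compilation options. Constructed descriptors, not real compiler flags.
OPTIONS = {"optimization": "disabled", "platform": "Windows", "link_libs": "none"}

# Step 2: hypothetical coding standards listing the allowed code structures.
STANDARD_A = {"dtype": ["int", "float"], "control": ["if_else_if", "for", "while"],
              "array_len": [1, 16], "n_params": [1, 4]}
STANDARD_B = {"dtype": ["int"], "control": ["if_else_if", "for", "switch"],
              "array_len": [1, 16], "n_params": [1, 4]}

# Constructed C statement per control structure ({n} is the array length).
BODIES = {
    "if_else_if": "if (a[0] > p0) {{ r = a[0]; }} else if (a[0] < p0) {{ r = p0; }} else {{ r = 0; }}",
    "for": "for (i = 0; i < {n}; i++) {{ r = r + a[i]; }}",
    "while": "while (i < {n}) {{ r = r + a[i]; i++; }}",
    "switch": "switch (i) {{ case 0: r = a[0]; break; default: r = p0; break; }}",
}

def case_keys(standard):
    """Every combination of code structures the standard allows."""
    return list(product(standard["dtype"], standard["control"],
                        standard["array_len"], standard["n_params"]))

def emit_case(dtype, control, array_len, n_params):
    """Emit one C89 verification function for a combination (n_params >= 1)."""
    params = ", ".join(f"{dtype} p{k}" for k in range(n_params))
    return (f"{dtype} vc_{control}_{dtype}_{array_len}_{n_params}({params})\n"
            "{\n"
            f"    {dtype} a[{array_len}] = {{0}};\n"
            f"    {dtype} r = p0;\n"
            "    int i = 0;\n"
            f"    {BODIES[control].format(n=array_len)}\n"
            "    return r;\n"
            "}\n")

def build_library(standard, options):
    """Map each combination to its source and a review id bound to the options."""
    opt_tag = repr(sorted(options.items()))
    lib = {}
    for key in case_keys(standard):
        src = emit_case(*key)
        rid = hashlib.sha256((opt_tag + src).encode()).hexdigest()
        lib[key] = {"source": src, "review_id": rid}
    return lib

def reuse_plan(existing, new_standard):
    """Split an existing library against a new standard: reuse, add, delete."""
    wanted = set(case_keys(new_standard))
    have = set(existing)
    return sorted(wanted & have), sorted(wanted - have), sorted(have - wanted)

if __name__ == "__main__":
    lib = build_library(STANDARD_A, OPTIONS)
    reuse, add, delete = reuse_plan(lib, STANDARD_B)
    print(len(lib), "cases;", len(reuse), "reusable,", len(add), "to add,", len(delete), "to delete")
```

Reuse here covers only the source of a case: every reused case still has to be compiled by the compiler under verification and walked through against its assembly, as Step 3 requires. Because the review id covers the options as well as the source, a walk-through recorded under one set of compilation options cannot be mistaken for one done under another.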
A concrete application example is given below:
The compiler is the one shipped with VC++6.0. Optimization level: Disable [Debug]; warning level: Level3; hardware platform: Windows; operating system: XP. The coding standard contains the rule "a compound statement shall follow an if expression; the else keyword may be followed by a compound statement or by an if statement". According to this rule, the verification code library contains the following verification code:
The verification code is compiled by the compiler, producing the target assembly code:
The correspondence between the assembly code and the source code is:
The above example proves that, for the current compilation environment and driver, and for this verification code, the behavior of the compiler is correct.
By verifying all the verification code in the code library as above, it can be proved whether the compiler is secure: the source code and the target assembly code are judged for consistency; if they are consistent, the compiler is proved secure, and during software engineering it is only necessary to keep the code within the scope of the verification code library; otherwise, the compiler or the coding standard needs to be modified.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and shall not be construed as limiting the invention; a person of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principle and purpose.

Claims (1)

1. A method for verifying the security of a compiler, characterized in that it comprises the following steps:
Step 1: Set the compilation options of the compiler according to the application environment of the compiler; the compilation options include the optimization level, hardware platform and link libraries;
Step 2: Determine the coding standard and build a verification code library according to the coding standard; the verification code library includes all code structures that may occur in the application and the combinations of these code structures; the code structures include data structures, control structures, array lengths and numbers of parameters;
Step 3: Input all the code in the verification code library into the compiler to obtain the target assembly code; perform a walk-through of the syntax of the source code and the target assembly code to determine whether the source code is consistent with the target assembly code; if they are consistent, the compiler is considered secure; if they are inconsistent, modify the compiler or the coding standard.

Application number: CN201611135782.5A; priority date: 2016-12-12; filing date: 2016-12-12; title: Method for verifying security of compiler; status: Pending; publication: CN106611125A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611135782.5A CN106611125A (en) 2016-12-12 2016-12-12 Method for verifying security of compiler

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611135782.5A CN106611125A (en) 2016-12-12 2016-12-12 Method for verifying security of compiler

Publications (1)

Publication Number Publication Date
CN106611125A (en) 2017-05-03

Family

ID=58636618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611135782.5A Pending CN106611125A (en) 2016-12-12 2016-12-12 Method for verifying security of compiler

Country Status (1)

Country Link
CN (1) CN106611125A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503