After analyzing the common attacks for some software systems, a dynamic software behavior verification model related with the unchecked input data based on software analysis and dynamic slicing technology is proposed. Regarding a statement as a basic analysis unit, and the information flow as the main behavior of the software, the direction of the information flow of each statement is defined as its behavior specification, the information flow verification problem is converted into the verification for assigning variable address's validation. During the execution, behavior of the statements that use untrusted variable is monitored to verify whether the address modified by the statements belongs to the specification or not. If it is consistent with the specification, the execution of the statement is permitted. Based on the behavior model proposed, a method of extracting of the behavior specification was researched and a method of dynamic verification was designed. In order to prove for efficiency and performance of the model, the input data related behavior acquiring framework was implemented, and a set of tests were conducted. Preliminary results show the validity of the software's behavior model.

• 出版日期2013-7
• 单位北京工业大学