Introduction to the Course Program Safety Inspection Techniques
The Program Safety Inspection Techniques course is one of the optional practice courses for the subject of Internet and Information Security. The aim of the course is for students to master the basic concepts of program safety and the static analysis methods for program safety issues, and to understand from a practical point of view how these methods are used in program safety inspection, so that they can apply static analysis to code in various programming languages.
1. Understand what a program safety issue is, become familiar with the common issues in prevalent programming languages, and know the consequences and solutions of such issues.
2. Understand the mechanism and basic procedure of static analysis.
3. Master the typical methods for transforming source code into intermediate models: lexical analysis, syntax analysis and semantic analysis.
4. Master the common methods of static analysis: control flow analysis and data flow analysis.
5. Master the static analysis methods for common program safety issues, such as static analysis of buffer overflow and of input verification.
6. Know the common safety issues in the C programming language and their inspection methods.
The course covers the classification of program safety issues, the basic idea of static analysis for program safety, program modeling, control flow analysis, data flow analysis, inspection of buffer overflow, inspection of input verification, and common safety issues in C and their solutions. The course is intended to help students master the basic knowledge and methods of program safety inspection and to develop the ability to analyze and solve practical problems, especially in the field of program safety inspection and in implementing static inspection to address program safety issues.