首页|期刊导航|计算机应用与软件|基于函数调用图分析的C/C++第三方库漏洞影响分析方法

基于函数调用图分析的C/C++第三方库漏洞影响分析方法

吴舒仪陈碧欢王颖赵文耘

计算机应用与软件2025，Vol.42Issue(6)：43-51,9.

计算机应用与软件2025，Vol.42Issue(6)：43-51,9.DOI:10.3969/j.issn.1000-386x.2025.06.006

基于函数调用图分析的C/C++第三方库漏洞影响分析方法

C/C++ THIRD PARTY LIBRARY'S VULNERABILITY IMPACT ANALYSIS METHOD BASED ON CALL GRAPH ANALYSIS

吴舒仪 ¹陈碧欢 ¹王颖 ²赵文耘¹

作者信息

1. 复旦大学计算科学技术学院上海 200438
2. 国网信息通信产业集团有限公司北京 100032
折叠

摘要

Abstract

To eliminate the false positives caused by coarse-grained impact analysis of existing software component analysis tools,a C/C++ third party library(TPL)'s vulnerability impact analysis method based on call graph analysis is proposed.The method evaluated the impact of TPL vulnerabilities by checking whether the TPL vulnerabilities were reachable through the call graph of the software,which provided a fine-grained,method-level and accurate TPL vulnerability impact analysis.The experiments show that the method achieves a precision of 94％and a recall of 77％,and reduces 80％of the false positives caused by coarse-grained impact analysis.

关键词

第三方库漏洞/依赖分析/函数调用图分析/C/C++第三方库漏洞影响分析

Key words

Third party library vulnerabilities/Dependency analysis/Call graph analysis/C/C++ vulnerability impact analysis

分类

信息技术与安全科学

引用本文复制引用

吴舒仪,陈碧欢,王颖,赵文耘..基于函数调用图分析的C/C++第三方库漏洞影响分析方法[J].计算机应用与软件,2025,42(6):43-51,9.

计算机应用与软件

OA北大核心

ISSN：1000-386X

访问量3

下载量0

段落导航