Full metadata record
DC FieldValueLanguage
dc.contributor.author蘇翌帆zh_TW
dc.contributor.author黃世昆zh_TW
dc.contributor.authorSue, Yi-Fanen_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.date.accessioned2018-01-24T07:39:44Z-
dc.date.available2018-01-24T07:39:44Z-
dc.date.issued2017en_US
dc.identifier.urihttp://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070456058en_US
dc.identifier.urihttp://hdl.handle.net/11536/140780-
dc.description.abstract隨著軟體系統日益龐大,從最上層可能由PHP撰寫的應用程式、經過底層C與C++與作業系統的溝通介面,組成元件複雜,難以藉由人工的方式進行軟體測試,因此需要自動化的機制協助。其中符號執行(Symbolic execution)是最近廣為運用的自動化測試方法,也逐漸受大眾所重視。 我們過去有開發一個稱為 CRAXWeb的網頁測試系統。為了改善CRAXWeb的效能問題,本論文獨立蒐集處理路徑限制式,利用單一擬真路徑執行 (Concolic Execution)的特性,於原系統外進行路徑限制式的管理。我們整合Python語言與KLEE 內部元件Kleaver solver,避免重複執行符號執行、減少解路徑限制式花費的時間。透過此法來達到彈性化產生 Web攻擊代碼的攻擊限制式 (Payload Constraint)。同時導入符號化變異模糊測試排程法,透過加入適當的路徑限制式,減少測試web application的時間。當限制式產生衝突情況時,可找出衝突的限制式,或結合原單一擬真路徑執行所產生的路徑,以優化攻擊與解決路徑限制式的時間。zh_TW
dc.description.abstractAs software is more complicated and larger, for the top level applications may be written in PHP and the low-level communication interface are written by C or C + + and may refer to some related operating system-level implementation, it is more difficult to perform software testing and system analysis manually and need supports of automatic testing. Symbolic execution is a popular testing method to automate the process and more people pay attention to this technique. In this work, we propose to improve our previous system for web application testing, called CRAXWeb. With the feature of single path concolic execution, we resolve the path constraint outside of the CRAXWeb by using kleaver, a constraint solver in KLEE to reduce the time of re-execution of symbolic execution. This method can be used to generate the payload more flexibly. We introduce the scheduling algorithm used for fuzz testing to generate the payload constraints. By adding the appropriate path constraints, we can reduce the time of testing web application and handle the conflict. We can get a new path different from the one generated by CRAXWeb and optimize the resolution time to produce the attack.en_US
dc.language.isozh_TWen_US
dc.subject路徑限制式zh_TW
dc.subject路徑排程zh_TW
dc.subject符號測試zh_TW
dc.subject網頁測試zh_TW
dc.subject軟體測試zh_TW
dc.subjectSymbolic executionen_US
dc.subjectPath constrainten_US
dc.subjectCRAXWeben_US
dc.subjectWeb testingen_US
dc.subjectPython APIen_US
dc.subjectSoftware Testingen_US
dc.title路徑限制式排程優化 Web 程式測試效能zh_TW
dc.titleOptimizing Web Application Testing by Path Constraint Schedulingen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
Appears in Collections:Thesis