完整後設資料紀錄
DC 欄位語言
dc.contributor.author邱世欣en_US
dc.contributor.authorChiu, Shih-Hsinen_US
dc.contributor.author黃世昆en_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.date.accessioned2014-12-12T01:43:41Z-
dc.date.available2014-12-12T01:43:41Z-
dc.date.issued2010en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079755589en_US
dc.identifier.urihttp://hdl.handle.net/11536/45934-
dc.description.abstract軟體安全日漸成為重要的研究主題,起因於越來越多的軟體攻擊行為發生,這些狀況有一部份是源自於程式語言本身的缺陷,而另一方面也是程式設計師本身的粗心所導致。因此,我們將藉由軟體偵測技術以減少這些問題。在論文中探討目前被廣泛運用的的程式漏洞-緩衝區溢位(Buffer overflow),例如西元2003年八月造成重大損失的疾風(Blaster)病毒即利用此種漏洞進行破壞。為了防止此類型的漏洞,本論文使用KLEE的符號執行模組(symbolic execution model)並引入新的記憶體對映機制(memory map)來探測緩衝區溢位。相較於傳統的檢測工具,本論文所提出的工具可確實產生、可利用的測資來觸發漏洞的行為,進而證實漏洞的存在。這些測資事實上就是一組攻擊字串,有別於駭客手動方式產生,我們將提出自動產生的方法。zh_TW
dc.description.abstractSoftware security is getting more important recently. There are more and more attacks than before. It is partially due to some design flaws of the programming language and the lack of secure programming practices by programmers. The most serious vulnerability this thesis concerns with is buffer overflow, present in many C/C++ programs, such as the Blaster worm. For preventing from such vulnerabilities, we use symbolic execution with a new memory model supported by KLEE to detect buffer overflow vulnerabilities. This thesis actually generates an exploitable input to trigger buffer overflow and verify the presence of the vulnerability. The input suites we generate are realistic attacks. Unlike the usual hacking methods with manual techniques to reason on the tainting paths, we propose methods to generate exploitable input automatically.en_US
dc.language.isoen_USen_US
dc.subject擬真執行zh_TW
dc.subject緩衝區溢位zh_TW
dc.subjectsymbolic executionen_US
dc.subjectbuffer overflowen_US
dc.title操作利用非典型之擬真執行zh_TW
dc.titleExploiting Atypical Symbolic Executionsen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
顯示於類別:畢業論文


文件中的檔案:

  1. 558901.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。