完整後設資料紀錄
DC 欄位語言
dc.contributor.author黃博彥en_US
dc.contributor.authorHuang, Po-Yenen_US
dc.contributor.author黃世昆en_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.date.accessioned2014-12-12T01:52:13Z-
dc.date.available2014-12-12T01:52:13Z-
dc.date.issued2011en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079855584en_US
dc.identifier.urihttp://hdl.handle.net/11536/48318-
dc.description.abstract由於資訊領域的快速發展與應用,各類安全威脅日趨嚴重,而這些威脅都根源於軟體的缺陷,軟體安全性的探討因此成為重要的議題。這些議題中,最大的威脅來自於軟體缺陷經常性地被揭露、使得駭客的攻擊事件層出不窮,其中零日攻擊(zero-day attacks)更造成系統及經濟上的重大危害。我們以軟體發展過程的角度分析,瞭解到安全漏洞的修補過程,是一場與零日攻擊的時間競賽,若能儘早修補漏洞,將可大幅降低其威脅性。為了快速掌握漏洞,我們運用在軟體測試領域中,已被廣泛研究運用、自動尋找程式錯誤的方法。然而如何分析眾多的程式錯誤,優先尋找出安全性威脅的漏洞,仍是一個很困難的研究領域。在此論文中,我們將轉換角色,以攻擊者的角度來試圖產生攻擊程式碼、並將過程自動化,以此證明程式中存在安全性漏洞。我們提出基於符號執行的軟體測試方法,實作攻擊程式產生器,可任意攔截控制流程。此概念已實驗在多個真實的程式,證明此方法之可行性。zh_TW
dc.description.abstractDue to the rapid deployment of information technology, the threats on information assets are getting more serious. These threats are originated from software vulnerabilities. The vulnerabilities bring about attacks. If attacks launched before the public exposure of the targeted vulnerability, they are called zero-day attacks. These attacks usually damage system and economy seriously. We have analyzed the process of zero-day attacks in the perspective of software process and recognize that it is a race competition between attacks and software patch development and deployment. If developers can fix the vulnerabilities as soon as possible, the threats will be significantly reduced. In order to faster the vulnerability finding process, we use the software testing techniques, focusing on finding bugs automatically. However, it is still hard to locate security vulnerabilities from a large number of bugs. In our paper, we switch to the roles of attackers and aim at generating attacks automatically to prove that a bug is a security vulnerability. Based on symbolic execution, we are able to automatically generate exploit for control-flow hijacking attacks and perform several experiments with real-world programs to prove our method is feasible.en_US
dc.language.isoen_USen_US
dc.subject軟體測試zh_TW
dc.subject攻擊程式碼zh_TW
dc.subject控制流程劫持zh_TW
dc.subjectSoftware Testingen_US
dc.subjectExploiten_US
dc.subjectControl Flow Hijackingen_US
dc.title自動產生攔截控制流程之攻擊程式碼zh_TW
dc.titleAutomated Exploit Generation for Control-Flow Hijacking Attacksen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
顯示於類別:畢業論文


文件中的檔案:

  1. 558401.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。