標題: | 支援大型軟體測試之符號環境系統 Symbolic Environment Support for Testing Large Software Applications |
作者: | 黃韋翔 Huang, Wei-Shiang 黃世昆 Huang, Shih-Kung 資訊科學與工程研究所 |
關鍵字: | 軟體測試;符號執行;軟體失控樣本資料庫;Software Testing;Symbolic Execution;Crash Database |
公開日期: | 2012 |
摘要: | 在軟體開發的過程中,因為程式開發者的疏忽,往往會造成程式中含有潛在的軟體漏洞。透過自動化的軟體動態檢測技術,我們可以從中找出存在的軟體問題。如要大規模、快速、且方便的對軟體檢測,就要建立一個軟體資料庫,將有問題的軟體建立為樣本,以便於後續的軟體研究、分析、與測試之用。
在此篇論文中,提出透過建立虛擬機器映像檔的方式,建立軟體失控樣本資料庫(Crash Database)。預先在映像檔中安裝相關的作業系統以及軟體,當使用者需要時,則可快速建立一個馬上可供使用的環境,改善使用者在進行軟體測試時,還需花時間手動安裝的缺點。
為了方便軟體樣本資料庫的管理,我們也提出一個網頁管理介面,透過此介面,管理者可以在此介面中新增、查詢、刪除後端虛擬機器映像檔的資料。此外,也提供系統狀態監控機制,能在儲存資料庫的設備出現問題時,即時透過電子郵件或簡訊告知管理者。
對於使用者來說,瀏覽這個介面即可了解目前資料庫中可供測試的軟體版本。為了方便使用者在使用時能夠快速建立測試環境,網頁中也提供即時建立虛擬機器映像檔之功能。當使用者點選該功能後,後端程式即會自動建立對應的軟體映像檔;使用者透過下載自動化的腳本程式,來自動掛載透過網路分享的映像檔,進行實驗。結合遠端管理機制,使用者藉由我們所開發的遠端管理軟體,能透過在外部下指令,操作虛擬機器中的環境,達到更多樣性的運作方式。 With the development of software, the quality issues have become a major concern. The truth is that programmers still do not take this problem into consideration, so that software is still with a lot of vulnerabilities or bugs. In this thesis, we try to build a repository with potentially vulnerable software called crash database. The purpose of this database is to collect software with vulnerabilities or bugs, and these collections can be used for further analyze. This database provides an integrated environment that contains an entire operating system, software and remote control framework, so that users do not have to build the environment manually and they can easily perform experiments. In addition, we develop a web management and monitoring interface; this interface allows users to choose the proper software images and clone a new testing environment quickly. For administrators, they can use this system to add, remove, and control software images; meanwhile, it has the monitoring mechanism that we can know the status of every crash database server. The system therefore improves the traditional software analysis environment. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT079955558 http://hdl.handle.net/11536/50473 |
Appears in Collections: | Thesis |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.