Full metadata record
DC FieldValueLanguage
dc.contributor.author許基傑en_US
dc.contributor.authorKhor, Kee Kiaten_US
dc.contributor.author黃世昆en_US
dc.contributor.authorHuang, Shih Kunen_US
dc.date.accessioned2014-12-12T01:59:26Z-
dc.date.available2014-12-12T01:59:26Z-
dc.date.issued2011en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079955627en_US
dc.identifier.urihttp://hdl.handle.net/11536/50533-
dc.description.abstract智慧型手機、平板電腦等行動裝置已日益成為個人的必備工具,軟 體市集的商業模式也蓬勃發展,並成為智慧型裝置的應用軟體主要來 源。然而這些智慧型裝置往往包含著大量個人化的資訊,同時也能進 行發送簡訊等付費行為,因此執行於其上的應用軟體的品質與可靠性 也逐漸成為備受關注的議題。但是一般使用者並沒有能力判斷市集上 的軟體品質,而官方市集以及第三方市集也都無法保證架上的軟體是 否不含缺陷問題。在此論文中,我們描述如何建立一個Android APP 測試環境,採用符號執行(Symbolic execution) 技術,可以自動化對市 集中的應用程式進行品質檢測,透過探測程式的可能執行路徑,以發 掘出未被執行之潛在品質缺陷或隱含可能有威脅疑慮之執行路徑。我 們實作改良原有之軟體品質測試與脅迫平台:CRAX,進行Andorid APP 之測試,稱為CRAXdroid,已成功實驗於實際應用之Android 程 式,證明此方法可行性高。zh_TW
dc.description.abstractMobile devices such as smart phone and tablet PC are becoming common personal devices. The business model of software market is also thriving and turning into a major source of software on those devices. However, such intelligent devices often contain lots of private information, and also can be used to conduct operations involving payment, like sending SMS. As a result, the quality of software on mobile devices becomes a critical issue. But ordinary users do not have the ability to check whether software on the shelf contains defective behavior or potential vulnerabilities, and neither the official APP market nor third party markets can ensure their software have no privacy risk. In this thesis, we proposed to build a platform for android APP testing, based on symbolic execution technique. By exploring all possible paths, we can find potential software vulnerabilities. We revised our software quality assurance and exploit generation platform, called CRAX, to apply in the Android APPs. It is called the CRAXdroid subsystem. We perform several experiments on Android market applications to prove the feasibility of our method.en_US
dc.language.isoen_USen_US
dc.subject符號運算zh_TW
dc.subject擬真運算zh_TW
dc.subject市集軟體zh_TW
dc.subject體軟測試zh_TW
dc.subject軟體品質zh_TW
dc.subject程式安全zh_TW
dc.subjectSymbolic Executionen_US
dc.subjectConcolic Exacutionen_US
dc.subjectMarket App Softwareen_US
dc.subjectSoftware Testingen_US
dc.subjectSoftware Qualityen_US
dc.subjectSecure Programmingen_US
dc.title藉由選擇性符號操作執行之Android APPs隨性測試zh_TW
dc.titleFuzz Testing on Android APPs by Selective Symbolic Executionen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
Appears in Collections:Thesis


Files in This Item:

  1. 562703.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.