標題: 雲端軟體弱點探索分析資料庫
A Cloud-based Benchmark Database for Software Vulnerability Analysis and Discovery
作者: 趙正宇
Chao, Cheng-Yu
黃世昆
Huang, Shih-Kun
資訊科學與工程研究所
關鍵字: 資訊安全;雲端;軟體弱點;自動化系統;Security Programming;Exploit;Cloud;Wargame;0day
公開日期: 2012
摘要: 觀察過去Stuxnet、APT與最近Google、Facebook和微軟遭攻擊事件,網路世界的戰爭已不容輕視,其中所使用的武器便是針對各種軟體弱點的攻擊程式。本研究擬基於雲端系統建置一個軟體弱點探索分析資料庫,儲存可執行的軟體弱點環境,同時也改善實驗室開發的自動脅迫產生器(Automatic Exploit Generator, CRAX),與此資料庫整合,利用雲端系統自動化軟體弱點的探索過程,除能針對軟體弱點自動產生脅迫(Exploit)外,還可將建置的實驗環境轉換為wargame,提供人員安全意識訓練的教材。
Recent attacks like Stuxnet, APT, and on large corporations including Google, Facebook and Microsoft have caused much damage on valuable information asset. The Internet warfare can no longer be ignored. In this thesis we developed a cloud-based benchmark database for software vulnerability analysis and discovery. This system is capable of maintaining executable environment of various software vulnerabilities. We integrate the automated exploit generation system (called CRAX) formerly developed by our laboratory into the system, taking advantage of cloud system to automate the software exploit writing process. The system not only provides the automatic exploit of software vulnerability but can also construct a wargame for training security expertise from emulated environment.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070056059
http://hdl.handle.net/11536/72536
顯示於類別:畢業論文


文件中的檔案:

  1. 605901.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。