Full metadata record
DC FieldValueLanguage
dc.contributor.author黃世昆en_US
dc.contributor.authorHUANG SHIH-KUNen_US
dc.date.accessioned2014-12-13T10:36:31Z-
dc.date.available2014-12-13T10:36:31Z-
dc.date.issued2013en_US
dc.identifier.govdocNSC101-2221-E009-037-MY2zh_TW
dc.identifier.urihttp://hdl.handle.net/11536/94005-
dc.identifier.urihttps://www.grb.gov.tw/search/planDetail?id=2849369&docId=403300en_US
dc.description.abstract市集軟體(APPs)已成為重要的手機平台應用開發與使用方式。目前以Apple, Microsoft 與Google 提供之市集軟體平台為主,其內部也有相關軟體稽核機制,檢查是否符合平 台規範、使用到未公開之API、或隱藏惡意行為等。但另一方面,即使連微軟發行之軟 體不可避免地,每週都會有一次重要的patch 需求,而這些市集軟體開發者身份不明 確(僅通過信用卡卡號的查核),品質並無法確保,因此在市集軟體上架前,必須有惡 意攻擊測試的確認。本研究將運用KLEE symbolic virtual machine,並結合QEMU processor emulation 能力,針對Android 與Microsoft Mobile 市集軟體進行惡意 攻擊測試,運用fuzzing 技術產生可能之不穩定情況,並產生可能之攻擊程式。 我們第一年將建立Android 與Windows Mobile 平台之symbolic execution 模擬能 力,評估針對APPs 進行符號執行與測試的可行性。第二年將根據APPs 符號執行環 境,進行惡意攻擊測試。 此研究成果將有助於國內市集軟體平台之發展與建置。市集軟體上架之品質確認是維繫 市集軟體之推廣最重要的關卡之一。zh_TW
dc.description.abstractMarket Software (APPs) usage has become an important software release and application style for mobile phone platforms. Currently, Apple, Microsoft, and Google provide the primary market software service platforms, with internal software auditing processes, by checking if the software is compliant to the platform regulations, avoiding uses of undocumented APIs, and embedding malicious behaviors. On the other hand, even the Microsoft inevitably releases vulnerable software, with weekly patch to mitigate potential threats. Those market software developers are only with identity authenticated by credit card number. Their development process cannot be assured. Therefore, a malicious attack testing must be performed before the market software released. Our project will integrate the KLEE symbolic virtual machine, and QEMU processor emulation, focusing on Android, and Microsoft Mobile APPs, performing malicious attacks. By using fuzzing tests to generate crashes, the potential exploits of APPs will be produced. We will build a symbolic execution environment for Andorid and Windows mobile in the first year, assessing the feasibility of symbolic execution and testing on APPs. In the second year, we will try to produce malicious attacks, the exploits of APPs, based on the symbolic execution environment built in the first year. The research results will benefit to the market software platform in the local service providers. The quality of the released market software will be the key to the success of this new software distribution model.en_US
dc.description.sponsorship行政院國家科學委員會zh_TW
dc.language.isozh_TWen_US
dc.title針對 Android 與 Windows Mobile 自動產生攻擊測試輸入zh_TW
dc.titleAutomatic Exploit Generation for Andorid and Windows Mobile Systemsen_US
dc.typePlanen_US
dc.contributor.department國立交通大學資訊工程學系(所)zh_TW
Appears in Collections:Research Plans