中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/12984
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 78852/78852 (100%)
造访人次 : 38692954      在线人数 : 690
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/12984


    题名: 緩衝區溢位漏洞偵測自動化工具之研製;On the Development of an Automatic Tool for Detecting Buffer Overflow Vulnerabilities
    作者: 曾韵;Yun Tseng
    贡献者: 資訊管理研究所
    关键词: CPN Tools;Colored Petri Nets;軟體安全;緩衝區溢位;Software Security;Buffer Overflow;CPN Tools;Colored Petri Nets
    日期: 2003-06-20
    上传时间: 2009-09-22 15:20:58 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 隨著軟體的大小以及複雜度日益增加,軟體漏洞被發現的數目愈來愈多,速度愈來愈快,因此軟體安全逐漸受重視。在軟體安全問題中,最嚴重的就是緩衝區溢位問題,因此許多專家學者紛紛投入研究,發展軟體測試的相關技術及工具。其中,孫宇安提出採用Colored Petri Nets偵測程式原始碼緩衝區溢位問題的方法,偵測度高於其他分析原始碼的方法,但是需要耗費大量的人力在繪製Colored Petri Nets圖形上面。本研究的目的在於延伸孫宇安所提出的架構至C語言structure以及函式之間的傳值之處理上來增加偵測之偵測度,並且發展產生Colored Petri Nets圖形之自動化工具,提升偵測之效率,使偵測度在可接受之範圍內並提高偵測緩衝區溢位問題之效率。 本研究根據孫宇安所提出的原始碼轉換Colored Petri Nets圖形之規則,再增加C語言structure以及函式之間的傳值之轉換規則,最後以數個例子與BOON工具做比較,證實偵測度的確較高。本研究的主要貢獻為(1)提供產生Colored Petri Nets圖形之自動化工具提升偵測效率;(2)延伸孫宇安所提之架構,發展C語言structure以及函式之間的傳值之轉換規則;(3)利用CPN hierarchy功能做為C語言函式之間的傳值之轉換,使此方法可以擴充至較大型軟體的偵測上。 As the software size is getting bigger and more complex, the number of software vulnerabilities which are discovered is increasing and software security is becoming more important than before. Whereas buffer overflow vulnerability is the most critical issue in the software security domain, many experts join in the related fields for developing software security techniques and tools. Yu-An Sun proposed an approach for detecting buffer overflow vulnerabilities with Colored Petri Nets, and the accuracy of her approach is higher than other detecting techniques. But her approach needs a lot of human efforts toward CPN graphs. The purpose of our research is to extend the framework of her approach to the expressions of structures and functions in C language, and also develop an automatic tool to produce CPN graphics to raise the detection rate. Our research based on the sourcecode-to-CPNgraphic transformation which Yu-An Sun proposed and add the rules in structures and functions transformation. We use some program examples to compare with the tool BOON to show that our detection rate is higher than BOON’s. The contributions of this research are (1) providing automatic tools to improve the efficiency, (2) extending Yu-An Sun’s framework to structures and functions transformations, (3) using CPN hierarchy characteristic to functions transformations, and expanding it to large software vulnerabilities detection.
    显示于类别:[資訊管理研究所] 博碩士論文

    文件中的档案:

    档案 大小格式浏览次数


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明