English  |  正體中文  |  简体中文  |  Items with full text/Total items : 74010/74010 (100%)
Visitors : 24027429      Online Users : 417
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9603

    Title: 自動偵測程式緩衝區溢位錯誤的測試輔助工具;ARMORY : An auxiliary testing tool for automatic buffer overflow vulnerability detection
    Authors: 張繼軒;Chi-hsuan Chang
    Contributors: 資訊工程研究所
    Keywords: 除錯工具;可依賴度;測試工具;安全;testing;debug tool;reliability;security
    Date: 2008-07-10
    Issue Date: 2009-09-22 11:51:32 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 本研究提出一全新的測試輔助工具以協助軟體工程師或程式測試員在測試程式的正確性時自動地偵測出程式中的緩衝區溢位錯誤。程式緩衝區溢位錯誤(Program Buffer Overflow Bugs, PBOB)是緩衝區溢位攻擊的踏腳石,而緩衝區溢位攻擊是已知的電腦與網路攻擊方式中最危險的一種。Internet Worms便是透過此類程式錯誤在網際網路上繁殖,此外通常這一類攻擊的最終結果就是攻擊者取得被攻擊主機的超級使用者權限。當一程式輸入字串的長度大於接收緩衝區的長度而程式設計師亦沒有對多餘的字串做處理,則程式緩衝區溢位錯誤便會產生。雖然就像其他的程式錯誤一樣,程式緩衝區溢位錯誤也是程式錯誤的一種。但比較特別的是,程式緩衝區溢位錯誤不但不易偵測,也很難避免,且有非常危險的後遺症。通常若非執行一充分完整的程式測試,是很難發現程式內的程式緩衝區溢位錯誤。然而一個充分完整的程式測試通常亦是一個極費力且費時的工作。由於縮短產品開發時間是大部份軟體公司的主要考慮,這一類的測試工作通常被忽略。此外,訓練一位能夠撰寫上萬行程式碼卻不含任何程式緩衝區溢位錯誤的程式設計師,亦是一不可能的任務。畢竟犯錯是人類的天性。因此發展一全新的輔助測試工具以協助軟體工程師自動地偵測程式中的緩衝區溢位錯誤便成為一刻不容緩的重要議題。 In this paper we propose a new type of auxiliary examining tool to support software engineer or test Engineer detects the buffer overflow error in program automatically when testing the correctness of a program. Program Buffer Overflow Bug,(PBOB) is a stepping stone of buffer overflow attacks which is the one of most dangerous known attacks. Internet Worms spreads on Internet Networks via such bugs. Usually, The result of BOF attacks is getting the root privilege from the attacked host. The BOF Bug is produced When the length of a input string in program greater than the length of receive buffer, and the programmer do not deal with the redundant string. Dissimilar to the other program errors, Program Buffer Overflow Bug is not only difficult to detect and evade, but also has very high risky sequela. Program Buffer Overflow Bug in program can be discovered unless execute a complete program testing, and which is time-consuming and laborious. Such works always are neglected due to the major element of consideration from software companies – decrease the building time of products. Otherwise, training a programmer with perfect programming manner is impossible. Consequently, developing an innovative auxiliary examining tool to detect the buffer overflow error in program automatically demands immediate attention.
    Appears in Collections:[資訊工程研究所] 博碩士論文

    Files in This Item:

    File SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明