以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：27

、訪客IP：3.136.22.204

姓名	曾韵(Yun Tseng)  查詢紙本館藏	畢業系所	資訊管理學系
論文名稱	緩衝區溢位漏洞偵測自動化工具之研製 (On the Development of an Automatic Tool for Detecting Buffer Overflow Vulnerabilities)
相關論文	★ 應用數位版權管理機制於數位影音光碟內容保護之研究 ★ 以應用程式虛擬化技術達成企業軟體版權管理之研究 ★ 以IAX2為基礎之網頁電話架構設計 ★ 應用機器學習技術協助警察偵辦詐騙案件之研究 ★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例 ★ 網際網路半結構化資料之蒐集與整合研究 ★ 電子商務環境下網路購物幫手之研究 ★ 網路安全縱深防護機制之研究 ★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究 ★ 以樹狀關聯式架構偵測電子郵件病毒之研究 ★ 考量地區差異性之隨選視訊系統影片配置研究 ★ 不信任區域網路中數位證據保留之研究 ★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發 ★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究 ★ 一種網頁資訊擷取程式之自動化產生技術研發 ★ 應用XML/XACML於工作流程管理系統之授權管制研究
檔案	[Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載] 本電子論文使用權限為同意立即開放。 已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。 請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。
摘要(中)	隨著軟體的大小以及複雜度日益增加，軟體漏洞被發現的數目愈來愈多，速度愈來愈快，因此軟體安全逐漸受重視。在軟體安全問題中，最嚴重的就是緩衝區溢位問題，因此許多專家學者紛紛投入研究，發展軟體測試的相關技術及工具。其中，孫宇安提出採用Colored Petri Nets偵測程式原始碼緩衝區溢位問題的方法，偵測度高於其他分析原始碼的方法，但是需要耗費大量的人力在繪製Colored Petri Nets圖形上面。本研究的目的在於延伸孫宇安所提出的架構至C語言structure以及函式之間的傳值之處理上來增加偵測之偵測度，並且發展產生Colored Petri Nets圖形之自動化工具，提升偵測之效率，使偵測度在可接受之範圍內並提高偵測緩衝區溢位問題之效率。 本研究根據孫宇安所提出的原始碼轉換Colored Petri Nets圖形之規則，再增加C語言structure以及函式之間的傳值之轉換規則，最後以數個例子與BOON工具做比較，證實偵測度的確較高。本研究的主要貢獻為（1）提供產生Colored Petri Nets圖形之自動化工具提升偵測效率；（2）延伸孫宇安所提之架構，發展C語言structure以及函式之間的傳值之轉換規則；（3）利用CPN hierarchy功能做為C語言函式之間的傳值之轉換，使此方法可以擴充至較大型軟體的偵測上。
摘要(英)	As the software size is getting bigger and more complex, the number of software vulnerabilities which are discovered is increasing and software security is becoming more important than before. Whereas buffer overflow vulnerability is the most critical issue in the software security domain, many experts join in the related fields for developing software security techniques and tools. Yu-An Sun proposed an approach for detecting buffer overflow vulnerabilities with Colored Petri Nets, and the accuracy of her approach is higher than other detecting techniques. But her approach needs a lot of human efforts toward CPN graphs. The purpose of our research is to extend the framework of her approach to the expressions of structures and functions in C language, and also develop an automatic tool to produce CPN graphics to raise the detection rate. Our research based on the sourcecode-to-CPNgraphic transformation which Yu-An Sun proposed and add the rules in structures and functions transformation. We use some program examples to compare with the tool BOON to show that our detection rate is higher than BOON’s. The contributions of this research are (1) providing automatic tools to improve the efficiency, (2) extending Yu-An Sun’s framework to structures and functions transformations, (3) using CPN hierarchy characteristic to functions transformations, and expanding it to large software vulnerabilities detection.
關鍵字(中)	★ CPN Tools ★ Colored Petri Nets ★ 軟體安全 ★ 緩衝區溢位	關鍵字(英)	★ Software Security ★ Buffer Overflow ★ CPN Tools ★ Colored Petri Nets
論文目次	目錄 IV 圖目錄 VI 圖目錄 VI 表目錄 VIII 第一章　緒論 1 1.1　研究動機與目的 1 1.2　研究方法 3 1.3　研究結果與貢獻 4 1.4　論文架構 4 第二章　相關文獻 6 2.1　緩衝區溢位相關防禦工具探討 6 2.2　防止字串溢出 7 2.2.1　分析原始碼 7 2.2.2　編譯器改寫 12 2.2.3　攔截危險函式呼叫 12 2.2.4　錯誤注入測試 14 2.3　本章小結 15 第三章　採用Colored Petri Nets偵測緩衝區溢位問題 17 3.1　先前之研究 17 3.1.1　Colored Petri Nets簡介 17 3.1.2　使用CPN偵測緩衝區溢位原理 19 3.2　C語言structure之處理轉換 21 3.2.1　一般structure轉換 22 3.2.2　structure之間的型別轉換 26 3.3　C語言函式之間的傳值之轉換 30 3.3.1　CPN Hierarchy功能 30 3.3.2　應用Hierarchy功能至函式之間的傳值之轉換規則 31 第四章　系統設計 34 4.1　開發環境及工具介紹 34 4.1.1　Design/CPN 34 4.1.2　CPN Tools 34 4.1.3　Design/CPN 與 CPN Tools比較 35 4.2　系統運作流程 35 4.3　CPN Tools之DTD說明 36 第五章　實例分析 42 5.1　分析結果 42 5.1.1　程式例一－structure內部溢位問題 43 5.1.2　程式例二－structure整體的assignment 44 5.1.3　程式例三－structure間之casting 46 5.1.4　程式例四－函式之間參數傳值導致溢位問題 47 5.2　與其他工具比較－BOON 50 5.2.1　程式例一－structure內部溢位問題 50 5.2.2　程式例二－structure整體的assignment 52 5.2.3　程式例三－structure間之casting 52 5.2.4　程式例四－函式之間參數傳值導致溢位問題 52 第六章　結論 54 6.1　本文貢獻與特色 54 6.3　研究限制與未來發展方向 56 參考文獻 58 附錄一　CPN圖形轉換規則總表 61
參考文獻	中文參考文獻 [1] 孫宇安，採用CPN方法偵測程式原始碼緩衝區溢位問題，中央大學資訊管理學系碩士論文，民國90年6月。 [2] 陳奕明、曾韵，彩色派翠網路在資訊安全上之應用實例－偵測緩衝區溢位漏洞，2002年網際網路工程研討會論文集，民國91年12月，中央研究院。 英文參考文獻 [3] CERT/CC Statistics 1988-2003, http://www.cert.org/stats/#vulnerabilities. [4] webDav Buffer Overflow, http://www.net-security.org/advisory.php?id=1727. [5] CERT Advisory CA-2003-12 Buffer Overflow in Sendmail, http://www.cert.org/advisories/CA-2003-12.html. [6] A Buffer Overflow exists in Samba, http://packetstorm.widexs.nl/0304-advisories/Samba.txt. [7] L.M. Bowman, “Companies on the Hook for Security,” http://news.com.com/2100-1023-821266.html, 2002. [8] Microsoft Asks Colleges to Teach Hacking, http://www.pcworld.com/news/article/0,aid,109935,00.asp. [9] Microsoft to let governments review Windows code , http://www.computerworld.com/securitytopics/security/story/0,10801,77599,00.html. [10] Kurt Jensen, “Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use. Vol 1：Basic Concepts,” Monographs in Theoretical Computer Science, Spring-Verlag, 1992. [11] DesignCPN website, http://www.daimi.au.dk/designCPN/man/. [12] CPN Tools web site, http://wiki.daimi.au.dk:8000/cpntools/cpntools.wiki. [13] J.Viega, J.T. Blosh, T. Kohno, and G. Mcgraw, ”ITS4：A Static Vulnerability Scanner for C and C++ Code,” In Proceedings of the 16th Annual Computer Security Applications Conference. New Orleans, Louisiana, December 2000. [14] David Evans and David Larochelle, “Improving Security Using Extensible Lightweight Static Analysis,” IEEE Software Magazine, 2002. [15] D. Larochelle and D. Evans, “Statically Detecting Likely Buffer Overflow Vulnerabilities,” In 2001 USENIX security symposium, Washington, D.C., 2001. [16] D.Wagner, J. Foster, E. Brewer, and A. Aiken, “A first step towards automated detection of buffer overrun vulnerabilities,” Network and Distributed System Security Symposium, February 2000. [17] Eric Haugh, and Matt Bishop, “Testing C Programs for Buffer Overflow Vulnerabilities,” Network and Distributed System Security Symposium, 2003. [18] Nurit Dor, Michael Rodeh, and Mooly Sagiv, “Cleaness Checking of String Manipulations in C Programs via Integer Analysis,” In Proceedings of the Eight International Static Anlalysis Symposium, 2001. [19] T. M. Austin, S. E. Breach, and G. S. Sohi, “Efficient Detection of All Pointer and Array Access Errors,” In the Proceedings of the ACM SIGPLAN ’94 Conference on Programming Language Design and Implementation, 1994. [20] R. W. M. Jones and P. H. J. Kelly, “Backwards-compatible Bounds Checking for Arrays and Pointers in C programs,” Automated and Algorithmic Debugging, pages 13--26, 1997. [21] A. Baraltoo, N. Singh, and T. Tsai, “Transparent Run-time Defense Against Stack Smashing Attacks,” In Proceedings of the USENIX Annual Technical Conference, 2000. [22] A. K. Ghosh, T. O’Connor, and G.McGraw, “Analyzing Programs for Vulnerability to Buffer Overrun Attacks,” In Proceedings of the National Information Systems Security Conference, 1998. [23] Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle and Erik Walthinsen, “StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks,” Proceedings in the 7th USENIX Security Symposium, 1998. [24] Vendicator, “Stack Shield：A Stack Smashing Technique Protection Tool for Linux,” http://www.angelfire.com/sk/stackshield/ . [25] “Solar Designer,” Non-executable User Stack, http://www.openwall.com/linux. [26] Rough Auditing Tool for Security (Rats) website, http://www.securesw.com/rats/. [27] ITS4 website, http://www.cigital.com/its4/. [28] Splint website, http://splint.org/. [29] BOON website, http://www.cs.berkeley.edu/~daw/boon/. [30] Safe C compiler website, http://www.cs.wisc.edu/~austin/scc.html. [31] StackGuard website, http://www.immunix.org/stackguard.html. [32] Flowfinder website, http://www.dwheeler.com/flawfinder/. [33] Aleph One, “Smashing the Stack for Fun and Profit,” http://www.shmoo.com/phrack/Phrack49/p49-14, 1996. [34] John Wilander and Mariam Kamkar, “A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention,” Network and Distributed System Security Symposium, 2003. [35] Susan His Yong, Susan Horwitz, and Thomas Reps, “Pointer Analysis for Programs with Structures and Casting,” In Proceeding of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 1999. [36] Bjarne Steensgaard, “Points-to Analysis by Type Inference of Programs with Structures and Unions,” In Proceedings of the 1996 International Conference on Compiler Comstruction, 1996. [37] Michael Siff, Staish Chandra, Thomas Ball, Krishna Kunchithapadam, and Thomas Reps, “Coping with Type Casts in C,” In Proceedings of ACM SIGSOFT Symposium on the Found of Software Engineering, 1999. [38] John Viega and Gary MacGraw, “ Building Secure Software,” Addison Wesley, 2002. [39] Nurit Dor, Michael Rodeh, and Mooly Sagiv, “CSSV：Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C,” PLDI , 2003.
指導教授	陳奕明(Yi-Ming Chen)	審核日期	2003-7-16
推文	facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu
網路書籤	Google bookmarks   del.icio.us   hemidemi   myshare