互联网 qkzz.net
全刊杂志网:首页 > 女性 > 文章正文
刊社推荐

一种基于fuzzing技术的漏洞发掘新思路


□ 邵 林 张小松 苏恩标

   (电子科技大学 计算机科学与工程学院, 成都 610054)
  
  摘要:
  目前检测软件缓冲区溢出漏洞仅局限于手工分析、二进制补丁比较及fuzzing技术等,这些技术要么对人工分析依赖程度高,要么盲目性太大,致使漏洞发掘效率极为低下。结合fuzzing技术、数据流动态分析技术以及异常自动分析技术等,提出一种新的缓冲区溢出漏洞发掘思路。新思路克服了已有缓冲区溢出漏洞发掘技术的缺点,能有效发掘网络服务器软件中潜在的未知安全漏洞(0day),提高了缓冲区溢出漏洞发掘效率和自动化程度。
  关键词:自动化; 缓冲区溢出; 黑盒测试; 安全漏洞; 漏洞发掘
  中图分类号:TP319文献标志码:A
  文章编号:10013695(2009)03108603
  
  New method of software vulnerability detection based on fuzzing
  
  SHAO Lin, ZHANG Xiaosong, SU Enbiao
  
  (School of Computer Application Technology, Technology University of Electronic Science & Technology of China, Chengdu 610054, China)
  
  Abstract:
  The techniques of buffer overflow vulnerabilities detection was single and limited to manual analysis, binarypatch comparison, fuzzing and so on. These techniques of vulnerabilities detection were either too dependent on manual analysis or too blind, leading up to the low efficiency of vulnerabilities detection. Introduced a new method of buffer overflow vulnerabilities detection, which was based on fuzzing, dataflow dynamic analysis and automated exception analysis. Overcame the disadvantages of old techniques, this new method effectively improves the detection of potential unknown security vulnerabilities (0day) in software. Besides, this method is more automated and performs better in finding new security vulnerabilities. ......
很抱歉,暂无全文,若需要阅读全文或喜欢本刊物请联系《计算机应用研究》杂志社购买。
欢迎作者提供全文,请点击编辑
分享:
 

了解更多资讯,请关注“木兰百花园”
分享:
 
精彩图文


关键字
支持中国杂志产业发展,请购买、订阅纸质杂志,欢迎杂志社提供过刊、样刊及电子版。
关于我们 | 网站声明 | 刊社管理 | 网站地图 | 联系方式 | 中图分类法 | RSS 2.0订阅 | IP查询
全刊杂志赏析网 2017