Abstract
As Java applications become more widespread, Java-related vulnerabilities are becoming increasingly prominent. To improve the security of Java software, this paper studies vulnerability patterns in Java programs using classification, analysis, and inductive summarization. It systematically presents the vulnerability patterns found in Java programs, explains the cause and harm of each pattern, and proposes corresponding avoidance methods. The results can guide the writing of Java software and support vulnerability analysis of existing Java software, greatly improving its security. Because the types of vulnerability change as applications develop, other vulnerability patterns remain to be studied in future work.
Source
《微电子学与计算机》
CSCD
Peking University Core Journal
2008, No. 6, pp. 63-66, 70 (5 pages)
Microelectronics & Computer
Keywords
vulnerability pattern
integer overflow
serialization
privileged code