期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

软件漏洞的攻击与防范 被引量:4

Attack and Defense of Software Vulnerability
下载PDF
导出
摘要 软件漏洞已经成为威胁信息安全的一个重要课题。本文介绍了软件漏洞的现状、软件漏洞攻击技术,最后对如何防范漏洞攻击提出了自己的建议。 Software vulnerability has become an important subject which is threating to information security. This paper introduces the software vulnerability and attacking technology, then gives some suggestions about how to defense the vulnerability attack.
作者 陈鑫 崔宝江 范文庆 钮心忻
机构地区 北京邮电大学
出处 《电信科学》 北大核心 2009年第2期66-71,共6页 Telecommunications Science
基金 国家"863"计划基金资助项目(No.2007AA01Z466和No.2008AA011004)
关键词 软件漏洞 漏洞挖掘 漏洞利用 software vulnerability, vulnerability disclosure, vulnerability exploiting
分类号 TP393.08 [自动化与计算机技术—计算机应用技术] TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献20

  • 1王颖,李祥和.软件漏洞的分类研究[J].计算机系统应用,2008,17(11):40-44. 被引量:11
  • 2Common vulnerabilities and exposures (CVE), cve.mitre.org/
  • 3http://www.microsoft .com/technet/security/current.aspx.
  • 4http://www.microsoft .com/technet/security/current .aspx.
  • 5Jones R J. Microsoft Vista vs Windows XP SP2 vulnerability report 2007, http://blogs.technet.com/security/
  • 6Sotirov A. Automatic vulnerability detection using static source code analysis. Graduate Paper of the University of Alabama, 2005
  • 7Newsome J. Dawn S. Dynamic taint analysis for automatic detection,analysis, and signature generation of exploits on commodity software. In: Network and Distributed System Security Symposium (NDSS), San Diego, July 2005
  • 8Venkataramani G, Doudalis I, Solihin Y, et al. FlexiTaint: a programmable accelerator for dynamic taint propagation. In: 14th IEEE International Symposium on High-Performance Computer Architecture (HPCA), Salt Lake City, Feb 2008
  • 9Chabbi M M. Efficient taint analysis using muhicore machines. Graduate Paper of the University of Arizona, 2007
  • 10Choi Y H, Kim H C, Oh H G, et ol. Call-flow aware API Fuzz testing for security of windows systems. In: International Conference on Computer Science and Applications (ICCSA)2008, Perugia, Italy, June 2008

二级参考文献9

  • 1[1]Microsoft Corporation.Update Management Process.2007.http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx.
  • 2[2]Microsoft Corporation.Microsoft SecurityResponse Center Security Bulletin Severity Rating System.2002.http://www.microsoft.com/technet/security/bulletin/rating.mspx.
  • 3[3]Steven Christey,Robert A.Martin.Vulnerability Type Distribution in CVE.2007.http://www.cve.mitre.org/docs/vuln-trends/index.html.
  • 4[4]Steven M.Christey.CVE Abstraction Content Decisions:Rationale and Application.(Version 1.0).2005.http://www.cve.mitre.org/cve/editorial_policies/cd_abstraction.html.
  • 5[5]MITRE Corporation.CVE (version 20061101) and Candidates as of 20071226.2007.http://www.cve.mitre.org/data/downloads/allitems.html.gz.
  • 6[6]Fortify Software Inc.,Gary McGraw.Seven Pernicious Kingdoms:A Taxonomy of Software Security Errors.2006.http://www.fortifysoftware.com/docs/Fortify_TaxonomyofSoftwareSecurityErrors.pdf.
  • 7[7]A Bazaz,J D.Arthur.Towards A Taxonomy of Vulnerabilities.Proceedings of the 40th Annual Hawaii International Conference on System Sciences.IEEE Computer Society,Washington,DC,USA.2007.ISBN~ISSN:1530-1605,0-7695-2755-8.On page(s):163a-163a.
  • 8[8]Bazaz A,Arthur,J D.Tront.J G.Modeling Security Vulnerabilities:A constraints and assumptions perspective.To be presented at IEEE International Symposium on Dependable,Autonomic and Secure Computing (DASC06),Indiana,2006.
  • 9钱学森,于景元,戴汝为.一个科学新领域——开放的复杂巨系统及其方法论[J].自然杂志,1990,13(1):3-10. 被引量:1298

共引文献10

同被引文献32

  • 1王颖,李祥和.软件漏洞的分类研究[J].计算机系统应用,2008,17(11):40-44. 被引量:11
  • 2韦韬,王贵驷,邹维.软件漏洞产业:现状与发展[J].清华大学学报(自然科学版),2009(S2):2087-2096. 被引量:4
  • 3李淼,吴世忠.软件漏洞起因的分类研究[J].计算机工程,2006,32(20):163-165. 被引量:3
  • 4Venkataramani G,Doudalis I, Solihin Y, et al. FlexiTaint:a pro- grammable accelerator for dynamic taint propagation.In:14th IEEE International Symposium on High-Performance Computer Architecture (HPCA),Salt Lake City, Feb 2008.
  • 5孙乃滢.浅论计算机系统漏洞及对策[J].天津:应用科技,213.
  • 6Du Wenliang,Mathur P A.Vulnerability testing of software system using fault injection.Technical Report Coast TR98 -02, Department of Computer Science,Purdue University,April 1998.
  • 7张玉清.网络安全漏洞研究[J].北京:专题报道,2008,11:24-26.
  • 8王丰辉.漏洞相关技术研究[M].北京:北京邮电大学,2006.
  • 9Larochelle D,Evans D.Statically detecting likely bufferoverflow vulnerabilities. Proceedings of the 10thConference on USENIX Security Symposium . 2001
  • 10汪贵生,夏阳.计算机安全漏洞分类研究[J].计算机安全,2008(11):68-72. 被引量:14

引证文献4

二级引证文献19

电信科学
2009年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部