摘要
随着计算机扮演着越来越重要的角色,计算机安全问题也越加凸显。计算机安全问题不仅涉及个人和企业利益,而且关乎国家安全。信息系统软件漏洞危害大、范围广,是病毒、木马等的直接载体,因此软件漏洞挖掘也是信息安全研究中的重要领域。文中提出了一种将静态分析和动态监测相结合的漏洞挖掘技术方案,通过对windows下多款软件进行测试,发现了windows平台下的多个漏洞,其中有3个被中国国家信息安全漏洞库(CNNVD)收录,证明了用这种软件控制挖掘技术来寻找漏洞是有效性。
For computer plays an increasingly important role, the computer security becomes even more prominent. Computer security involves not only the personal and business interests but also the national security. System and software vulnerabilities, with great harm and easy spreading, are the direct carrier of viruses, Trojan, etc., so their mining becomes the top priority of security research. This thesis proposes a technical scheme of vulnerabilities mining in combination of static analysis and dynamic monitor. Tests on varied softwares under Windows are done and various vulnerabilities are found, and 3 of them are included in China National Vulnerability Database of Information Security(CNNVD), and this clearly indicates the validity of this software vulnerabilities mining technology.
出处
《信息安全与通信保密》
2013年第4期86-89,共4页
Information Security and Communications Privacy
关键词
软件漏洞
漏洞挖掘
逆向工程
模糊测试
程序流程控制
software vulnerability
vulnerability mining
reverse engineering
fuzzing
program flow control