检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]数学工程与先进计算国家重点实验室,郑州450001
出 处:《计算机工程》2014年第12期68-73,共6页Computer Engineering
基 金:国家科技支撑计划基金资助项目(2012BAH43B00);郑州市科技创新团队基金资助项目(10CXTD150)
摘 要:在思科互联网操作系统(Cisco IOS)中,系统安全漏洞已经成为信息安全风险的主要根源之一,全面发现与及时修补IOS的漏洞非常必要。为此,提出一种基于细粒度污点分析的启发式模糊测试方法。给出细粒度污点传播规则的形式化描述,以及基于细粒度污点分析的安全敏感操作判定规则,为获取启发式信息提供依据;采用启发式测试用例生成的方法,设计并实现Cisco IOS漏洞挖掘原型系统CTaint Miner,测试结果表明,系统具备较好的漏洞挖掘能力,验证了启发式模糊测试方法的有效性。Cisco Internet Operating System ( IOS ) is an operating system running on Cisco routing and switching equipment. Its security is very important. As the system security vulnerability becomes one of the main causes of information security risk,to discover and timely repair vulnerabilities in IOS is very necessary. A heuristic fuzzing method based on fine-grained taint analysis is proposed. Fine-grained taint propagation rules are presented in formal description. Judgment rules based on fine-grained taint analysis are proposed,providing the basis to acquire heuristic information. A method to generate heuristic test cases is proposed. It designs and develops a vulnerability mining prototype system named CTaintMiner for Cisco IOS. The mining system is used to do practical tests,and results show that CTaintMiner mining system has a better ability to do vulnerability mining and verifies the validity of the test method.
关 键 词:思科互联网操作系统 网络安全 启发式模糊测试 漏洞挖掘 污点分析
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.249
