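Authors: 单纯[1], 荆高鹏, 胡昌振[1], 薛静锋[1], 贺津朝
Affiliation: [1] Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081
Source: 《北京理工大学学报》 (Transactions of Beijing Institute of Technology), 2017, No. 4, pp. 371-375, 5 pages in total
Funding: National Key Research and Development Program of China (2016YFB0800700)
Abstract: To address the security of system software on the 8031 microcontroller, the authoritative vulnerability databases were analyzed, and an attack analysis method based on ECV rules was used to extract vulnerability knowledge from attack events. Vulnerabilities were classified from a code-security perspective according to their type and characteristics, a three-layer vulnerability knowledge base was designed, and, based on that design, a knowledge-based vulnerability detection algorithm was proposed for detecting vulnerabilities in 8031 microcontroller systems. Using these methods, a software security reverse-analysis system was designed and implemented to perform vulnerability detection on 8031 microcontroller systems. Experimental results show that the detection algorithm based on this knowledge base can correctly detect vulnerabilities in the target program, helps reduce the number of vulnerabilities in software code, and to some extent reduces cost and resource consumption.
English abstract: 8031 microcontroller software is currently widely used, and its security issues are becoming increasingly prominent. In view of this, the authoritative vulnerability databases were studied, knowledge was extracted from attacks through an ECV rule, security vulnerabilities were classified according to their type and characteristics from a code-security perspective, a three-tier vulnerability knowledge database was designed, and a knowledge-based vulnerability detection algorithm built on the vulnerability knowledge database was proposed to detect vulnerabilities in the 8031 microcontroller. A software security reverse-analysis system for 8031 binary programs was designed and implemented, and the effectiveness and availability of the vulnerability knowledge database and the ECV rule were verified. The experimental results show that the algorithm can correctly detect vulnerabilities in the target program, which is of great significance for reducing the number of software vulnerabilities and saving considerable cost in detecting software vulnerabilities.
Classification number: TP311.5 [Automation and Computer Technology - Computer Software and Theory]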