A Test Suite Generation Method for Evaluating the Effect of Vulnerability Scanning Tools

Cited by: 2

Authors: ZHOU Peng; NI Yun-ze (School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; China Academy of Information and Communications Technology, Beijing 100191, China)

Affiliations: [1] School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; [2] China Academy of Information and Communications Technology, Beijing 100191, China

Source: Science & Technology Vision (科技视界), 2018, No. 18, pp. 174-176 and 163 (4 pages)

Abstract: With the rapid development of network security technology, more and more tools for vulnerability scanning, source code detection and code auditing have been developed. Many of them claim to use symbolic execution, taint tracking, machine learning and other techniques to improve efficiency and performance. However, because a large body of classified, standardized vulnerability test samples is lacking, procurement staff and researchers cannot accurately evaluate the effectiveness of each tool's scan results. This paper therefore proposes a source-code-based technique for automatically generating vulnerability test samples. By analyzing the structural features of the source code and combining them with known vulnerability types, vulnerable code is automatically injected into the source to generate a large number of software test cases that contain vulnerabilities. Several open-source programs were selected as test targets, and multiple exploitable vulnerabilities were successfully inserted into their source code. By providing standardized, diverse samples of vulnerable programs, the method gives vulnerability scanning tools a unified basis for evaluation.

Keywords: vulnerability scanning; evaluation testing; test cases

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]
