检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]柳州职业技术学院
出 处:《大众科技》2019年第4期5-7,4,共4页Popular Science & Technology
基 金:广西教育厅科研课题“基于污点分析的嵌入式操作系统漏洞挖掘技术研究”(KY2016YB642);广西中青年教师能力提升项目“基于BDS的城市智能交通管理系统研究”(2018KY0983)
摘 要:针对工控系统漏洞挖掘中如何快速引导Fuzzy测试过程,采用基于污点分析的工控系统漏洞挖掘方法对工控系统的程序特征进行了分析,明确了基于数据判断和数据拷贝需作为污点传播的记录重点并设计了一种改进型的污点传播记录模型。该模型能够记录程序执行过程中的显性和隐性污点传播过程。通过包含4个已公开漏洞的工控程序测试表明,传统的污点分析技术只发现了其中的1个漏洞,改进后的污点分析程序模型发现了全部4个漏洞。Aiming at how to quickly guide the Fuzzy test process in the vulnerability mining of industrial control system, the vulnerability mining method based on stain analysis was applied in the analysis of the program characteristics of industrial control system, which clarified that data judgment and data copy should be used as the recording focus of stain propagation, and an improved stain propagation recording model was designed. The model can record the process of explicit and implicit stain propagation in the process of program execution. The test of industrial control program with four open vulnerabilities shows that only one of the vulnerabilities has been found by the traditional stain analysis technology, and all four vulnerabilities have been found by the improved stain analysis program model.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222