期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Linux二进制应用软件漏洞自动挖掘研究与实现 被引量:2

Research and Implementation of Automatic Vulnerability Mining in Linux Binary Applications
下载PDF
导出
摘要 伴随着各类应用软件在人们生活和工作中的应用越发广泛,对于软件自身安全的需求也越发强烈。软件漏洞是造成各类安全事件的重要原因之一。本研究运用代码覆盖引导的模糊测试技术,实现了基于Pin工具的Linux系统下二进制应用软件漏洞挖掘系统,将漏洞发现有效地融入了软件开发测试的全生命周期,从而降低漏洞带来的安全风险。针对现有模糊测试方法没有考虑带有虚拟机壳的程序这一问题,本研究通过准确地描述虚拟机壳内部的控制流,有效提高了这一类程序的代码覆盖效果。 With the popular application of software in production and life,the social demand for software security is more and more serious.Software vulnerability is an important factor that causes software security incidents.This research uses the fuzzy test technology of code coverage guidance to realize binary application software vulnerability mining system under the Linux system based on Pin tools,and effectively integrates the vulnerability discovery into the whole life cycle of software development and testing to reduce the security risk caused by vulnerabilities.In view of the fact that the existing fuzzy testing method does not consider the program with virtual shell,this study effectively improves the code coverage effect of this kind of program by accurately describing the control flow inside the virtual shell.
作者 曾强 ZENG Qiang(State Grid Bazhong Electric Power Supply Company,Bazhong 636000,China)
机构地区 国网巴中供电公司互联网办公室
出处 《电力信息与通信技术》 2020年第9期37-42,共6页 Electric Power Information and Communication Technology
关键词 LINUX 二进制 软件漏洞 自动挖掘 Linux binary software vulnerability automatic mining
分类号 TP311.1 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献10

二级参考文献67

  • 1杨鹏.漏洞扫描平台和未知安全隐患检测方法研究[J].自动化与仪器仪表,2016(7):143-144. 被引量:2
  • 2王立泽,刘斌,杨顺昆,颜林.面向VxWorks的嵌入式软件集成开发环境研究[J].计算机工程,2006,32(3):55-56. 被引量:6
  • 3Gartner. Worldwide smartphone sales in Q3 2013 [ EB/OL]. [ 2014-1-22 ]. http: // www. gartner, com/newsroom/ id/2623415. 被引量:1
  • 4AppBrain. Number of available Android applications [ EB/ OL]. [ 2014-1-22 ]. http ; ff www. appbrain, com/stats/. 被引量:1
  • 5Roman Unuchek. Obad. a trojan now being distributed via mobile botnets [ EB/OL]. [ 2014-01-22 ]. http: ff www. securelist, com/en/blog/8131/Obad _ a_ Trojan _ now _ being_ distributed via_mobile_botnets. 被引量:1
  • 6Chinese 3C Products Sales Promotion. Android, KungFu series variants depth analysis and complete clean-up methods [EB/OL]. [2014-01-22]. http: ff icuxi g/ 2012/01/17/20403. html. 被引量:1
  • 7Jiang X X. Smishing vulnerability in multiple Android platforms (including gingerbread, ice cream sandwich, and jelly bean) [ EB/OL]. [2014-01-223. http: //www, cse. ncsu. edu/facuhy/jiang/smishing, html. 被引量:1
  • 8Grace M, Zhou Y, Wang Z, et al. Systematic detection of capability leaks in stock Android smartphones [ C ] // Proceedings of the 19th Annual Symposium on Network and Distributed System Security. 2012. 被引量:1
  • 9Chan P P F, Hui L C K, Yiu S M. Droidchecker: analyzing Android applications for capability leak [ C ] //Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012: 125-136. 被引量:1
  • 10Davi L, Dmitrienko A, Sadeghi A R, et al. Privilege escalation attacks on Android [ C ] // Information Security. Springer Berlin Heidelberg, 2011: 346-360. 被引量:1

共引文献60

同被引文献19

引证文献2

二级引证文献1

电力信息与通信技术
2020年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部