软件漏洞的攻击与防范

doi:10.3969/j.issn.1000-0801.2009.02.016

电信科学 ›› 2009, Vol. 1 ›› Issue (2): 66-71.doi: 10.3969/j.issn.1000-0801.2009.02.016

• 专题:网络与信息安全 • 上一篇下一篇

软件漏洞的攻击与防范

陈鑫,崔室江,范文庆,钮心忻

北京邮电大学北京 100876

出版日期:2009-02-15 发布日期:2017-08-18
基金资助:
国家“863”计划基金资助项目;国家“863”计划基金资助项目

Attack and Defense of Software Vulnerability

Xin Chen,Baojiang Cui,Winqing Fan,Xinxin Niu

Beijing University of Posts and Telecommunications,Beijing 100876,China

Online:2009-02-15 Published:2017-08-18

摘要/Abstract

摘要：

软件漏洞已经成为威胁信息安全的一个重要课题。本文介绍了软件漏洞的现状、软件漏洞攻击技术，最后对如何防范漏洞攻击提出了自己的建议。

关键词: 软件漏洞, 漏洞挖掘, 漏洞利用

Abstract:

Software vulnerability has become an important subject which is threating to information security.This paper introduces the software vulnerability and attacking technology,then gives some suggestions about how to defense the vulnerability attack.

Key words: software vulnerability, vulnerability disclosure, vulnerability exploiting

陈鑫,崔室江,范文庆,钮心忻. 软件漏洞的攻击与防范[J]. 电信科学, 2009, 1(2): 66-71.

Xin Chen,Baojiang Cui,Winqing Fan,Xinxin Niu. Attack and Defense of Software Vulnerability[J]. Telecommunications Science, 2009, 1(2): 66-71.

图/表 4

参考文献 21

1	赵鑫 . 漏洞攻击防范技术与漏洞数据库设计. 北京邮电大学硕士研究生学位论文， 2008
2	王颖，李祥和 . 软件漏洞的分类研究. 计算机系统应用， 2008（11）
3	Common vulnerabilities and exposures（CVE）,
4
5
6	Jones R J . Microsoft Vista vs Windows XP SP2 vulnerability report 2007,
7	Sotirov A . Automatic vulnerability detection using static source code analysis. Graduate Paper of the University of Alabama, 2005
8	Newsome J , Dawn S . Dynamic taint analysis for automatic detection，analysis,and signature generation of exploits on commodity software.In: Network and Distributed System Security Symposium （NDSS）, San Diego, July 2005
9	Venkataramani G , Doudalis I , Solihin Y , et al . FlexiTaint:a programmable accelerator for dynamic taint propagation.In: 14th IEEE International Symposium on High-Performance Computer Architecture（HPCA）, Salt Lake City, Feb 2008
10	Chabbi M M . Efficient taint analysis using multicore machines. Graduate Paper of the University of Arizona, 2007
11	Choi Y H , Kim H C , Oh H G , et al . Call-flow aware API Fuzz testing for security of windows systems.In: International Conference on Computer Science and Applications（ICCSA）2008, Perugia,Italy, June 2008
12	王清 . 0-day安全：软件漏洞分析技术. 北京：电子工业出版社， 2008
13	王嘉捷 . 基于软件补丁的漏洞自动挖掘研究. 2008年中国信息安全漏洞分析与风险评估研讨会，北京， 2014年12月
14	Xee . MS08-025 win32k. sys NtUserFnOutString privilege escalation exploit.
15	方兴 . 无所不在的攻击与利用. 2008年中国信息安全漏洞分析
16	Peterson C . Windows 7安全纵览. XCon2008，北京， 2008年12月
17	Jones R J . 2008 desktop OS vendor report.
18	Aggarwal A , Jalote P . Integrating static and dynamic analysis for detecting vulnerabilities.In: 30th Annual International Computer Software and Applications Conference, Chicago, September 2006
19	Du Wenliang , Mathur P A . Vulnerability testing of software system using fault injection. Technical Report Coast TR98-02, Department of Computer Science,Purdue University, April 1998
20	Sparks S , Embleton S , Cunningham R , et al . Automated vulnerability analysis:leveraging control flow for evolutionary input crafting.In: 23rd Annual Computer Security Applications Conference, Florida,USA, December 2007
21	Choi Y H , Kim H C , Lee D H . An empirical study for security of windows DLL files using automated API Fuzz testing.In: International Conference on Advanced Computing Technologies（ICACT）, Hyderadad, Feb 2008

[1]	尹彦尚, 索同鹏, 董黎刚, 蒋献. 基于贝叶斯攻击图的SDN安全预测方法[J]. 电信科学, 2021, 37(11): 75-85.
[2]	邓习海,冯维淼,马璐萍,李莹. 一种基于Android系统漏洞的通用攻击模型[J]. 电信科学, 2016, 32(10): 42-49.
[3]	陈鑫,崔宝江,范文庆,钮心忻. 软件漏洞的攻击与防范[J]. 电信科学, 2009, 25(2): 66-71.
[4]	郑志彬. 信息网络安全威胁及技术发展趋势[J]. 电信科学, 2009, 1(2): 28-34.
[5]	郑志彬. 信息网络安全威胁及技术发展趋势[J]. 电信科学, 2009, 25(2): 28-34.

软件漏洞的攻击与防范

Attack and Defense of Software Vulnerability

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 21

相关文章 5

Metrics

推荐阅读 0