
      Automatic detection of software security vulnerabilities in executable program files.


      https://www.riss.kr/link?id=T10747330

      • Author
      • Publication details

        [S.l.]: Auburn University 2005

      • Degree-granting university

        Auburn University

      • Year conferred

        2005

      • Language

        English

      • Keywords
      • Degree

        Ph.D.

      • Pages

        423 p.

      • Advisor / committee

        Director: John A. Hamilton, Jr.


      Additional information

      Multilingual Abstract

      Secure programming describes those techniques that software developers use to provide security features in their applications. In addition to these techniques, software practitioners use static code security checkers to parse through and scan the source code, looking for potential security problems. Related to static code checking, runtime checkers have been developed that monitor the software while it is in use.
      In an effort to counter the hacker threat, software security professionals need better methods and tools than these to analyze executable programs the way hackers do: from the binary data level. This level is where the hackers find the secret doorways and security loopholes that are not evident in high-level source code. A few commercial companies have recently started marketing software products that will scan executable files for software security vulnerabilities; however, these products have unpublished methodologies and unverified test results. Consequently, software practitioners have only a loose collection of homegrown, commercial, and operating system software tools to perform their secure programming work and to do so in primarily a manual approach.
      To help security analysts, programmers, and users detect security vulnerabilities in executable program files, we have created a methodology that uses information located in the headers, sections, and tables of a Windows NT/XP executable file, along with information derived from the overall contents of the file, as a means to detect specific software security vulnerabilities without having to disassemble the code. In addition, we have instantiated this methodology in a software utility program called findssv that automatically dissects an executable file and detects certain anomalies and software security vulnerabilities before installing and running the software.
      We tested findssv on seven categories of files: software installation files, software development files, Windows XP operating system files, Microsoft application files, security-centric application files, and miscellaneous application files. We show through the test results on these 2700 files that findssv is able to detect table size anomalies, large zero-filled regions of bytes, unknown regions of bytes, compressed files, sections that are both writable and executable, and the use of functions susceptible to buffer overflow attacks. We also list sixteen key security vulnerability findings about software in the seven categories.