Full metadata record
DC FieldValueLanguage
dc.contributor.author林政德zh_TW
dc.contributor.author黃世昆zh_TW
dc.contributor.authorLin, Cheng-Teen_US
dc.contributor.authorHuang, Shin-Kunen_US
dc.date.accessioned2018-01-24T07:42:00Z-
dc.date.available2018-01-24T07:42:00Z-
dc.date.issued2017en_US
dc.identifier.urihttp://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070356017en_US
dc.identifier.urihttp://hdl.handle.net/11536/142292-
dc.description.abstract隨著資訊技術的發展和網際網路的普及運用,大量應用程式與服務都經由網路連接與溝通。但這些應用程式與服務可能有軟體漏洞,有心人士可經網路利用,形成威脅。在資訊安全領域中,可分為防禦和攻擊二種方向。防禦方面的研究主要是透過軟體測試和漏洞修補來避免或減少危害,而攻擊方面的研究則是注重如何有效利用軟體漏洞。自動脅迫生成是屬於攻擊方面的研究。 我們過去有發展稱為 CRAX的自動脅迫生成平台 (Automatic exploit generation)。CRAX採用全系統符號執行的方式,可利用底層核心與大型軟體的漏洞,但同時因為全系統的模擬操作,必須記錄完整核心狀態,操作過程較為繁瑣,可用性較低。為了增進CRAX的可用性,我們實作Python API來達成CRAX操作流程的自動化。透過這套自動化脅迫生成API,使用者可以自動生成大量脅迫測試資料。zh_TW
dc.description.abstractWith the development of information technology and the popularity of the Internet, client applications and services communicate with each through network. However, there may be some software vulnerabilities in these applications, so that those vulnerabilities can be exploited, resulting in security threats. In the security research field, there are defense and attack directions . For defense research, we mainly focus on avoiding and reducing the security risks by software testing and vulnerability repair. For attack research, we focus on how to effectively exploit the software vulnerabilities. Automatic exploit generation is one of main area of attack research. We formerly have developed an automatic exploit generation platform called CRAX. CRAX inherits some good features from its underlying platform, but it also inherits some bad features, especially the cumbersome operation process. In order to improve the usability of CRAX, this study implements a set of Python API to automate the operation process of CRAX. With this automatic exploit generation API, users can easily exploit a large number of programs at once.en_US
dc.language.isozh_TWen_US
dc.subject自動化脅迫產生zh_TW
dc.subject符號執行zh_TW
dc.subjectAutomatic Exploit Generationen_US
dc.subjectSymbolic Executionen_US
dc.title自動化脅迫生成設計與實作zh_TW
dc.titleDesign and Implement of Automatic Exploit Generation Processen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
Appears in Collections:Thesis