Title

利用錯誤定位與自動修補技術達成自動化防禦

Translated Titles

Automatic Defense by Fault Localization and Dynamic Patch

DOI

10.6842/NCTU.2015.00934

Authors

鄭達群

Key Words

自動化 ; 錯誤定位 ; 修補 ; automatic ; fault localization ; patch ; CGC

PublicationName

交通大學資訊科學與工程研究所學位論文

Volume or Term/Year and Month of Publication

2015年

Academic Degree Category

碩士

Advisor

黃世昆

Content Language

繁體中文

Chinese Abstract

Cyber Grand Challenge(CGC)是由美國國防部高等研究計畫署(DARPA)舉辦的全自動化電腦攻防競賽。本論文參考競賽規則,結合模糊測試、錯誤定位、與修補三樣技術,建造一個全自動化的Cyber Reasoning System(CRS)。我們實驗室在自動化攻擊方面已有成果,因此希望結合錯誤定位技術,進一步發展成自動化修補技術,形成一個全自動化的攻防系統。除了競賽題目外,我們嘗試將系統應用在真實程式的漏洞,希望以自動化的方式改善資訊安全,彌補人力無暇顧及的部分。

English Abstract

The department of defense (DOD) in the US has called for the contest in automatic attack and defense. The contest is a big challenge on the security development and called Cyber Grand Challenge (CGC). We consult to the competition rules and develop an automatic cyber reasoning system (CRS) to fulfill the goals. Our CRS combines with the techniques of fuzz testing, fault localization, and binary patch to build an automatic defense system. With the former efforts developed in the SQLab for automatic attack, we further integrate into a CRS for automatic attack and defense. Other than the sample problems in the CGC, we evaluate our systems in the binary patch capability on real programs. This work will be a preliminary study for potential participations on the future CGC.

Topic Category 基礎與應用科學 > 資訊科學
資訊學院 > 資訊科學與工程研究所
Reference
  1. 2. Martin, B., et al., 2011 CWE/SANS top 25 most dangerous software errors. Common Weakness Enumeration, 2011. 7515.
    連結:
  2. 3. Ayewah, N., et al., Using static analysis to find bugs. Software, IEEE, 2008. 25(5): p. 22-29.
    連結:
  3. 5. Vessey, I., Expertise in Debugging Computer Programs. Information Systems Working Papers Series, Vol, 1984.
    連結:
  4. 6. Weiser, M. Program slicing. in Proceedings of the 5th international conference on Software engineering. 1981. IEEE Press.
    連結:
  5. 7. Agrawal, H. and J.R. Horgan. Dynamic program slicing. in ACM SIGPLAN Notices. 1990. ACM.
    連結:
  6. 8. DeMillo, R.A., H. Pan, and E.H. Spafford. Critical slicing for software fault localization. in ACM SIGSOFT Software Engineering Notes. 1996. ACM.
    連結:
  7. 9. Gyimóthy, T., Á. Beszédes, and I. Forgács. An efficient relevant slicing method for debugging. in Software Engineering—ESEC/FSE’99. 1999. Springer.
    連結:
  8. 11. Zhang, X., N. Gupta, and R. Gupta. Pruning dynamic slices with confidence. in ACM SIGPLAN Notices. 2006. ACM.
    連結:
  9. 1. Antoniol, G., et al. Is it a bug or an enhancement?: a text-based approach to classify change requests. in Proceedings of the 2008 conference of the center for advanced studies on collaborative research: meeting of minds. 2008. ACM.
  10. 4. Ball, T. The concept of dynamic analysis. in Software Engineering—ESEC/FSE’99. 1999. Springer.
  11. 10. Zhang, X., R. Gupta, and Y. Zhang. Precise dynamic slicing algorithms. in Software Engineering, 2003. Proceedings. 25th International Conference on. 2003. IEEE.
  12. 12. Parnin, C. and A. Orso. Are automated debugging techniques actually helping programmers? in Proceedings of the 2011 International Symposium on Software Testing and Analysis. 2011. ACM.
  13. 13. Choi, S.-S., S.-H. Cha, and C.C. Tappert, A survey of binary similarity and distance measures. Journal of Systemics, Cybernetics and Informatics, 2010. 8(1): p. 43-48.
  14. 14. Luk, C.-K., et al. Pin: building customized program analysis tools with dynamic instrumentation. in Acm Sigplan Notices. 2005. ACM.
  15. 15. Wong, W.E., et al. Software fault localization using DStar (D*). in Software Security and Reliability (SERE), 2012 IEEE Sixth International Conference on. 2012. IEEE.
  16. 16. Miller, M., A Brief History of Exploitation Techniques & Mitigations on Windows. 2007.
Times Cited
  1. 邱淑芬(2012)。點對點網路安全機制之研究。中興大學資訊科學與工程學系所學位論文。2012。1-73。