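Author: 謝怡臻
Author (English): Hsieh, Yi-Jhen
Thesis title: 自動化修補具注入漏洞之網頁應用程式
Thesis title (English): Automatic Patch Generation for Injection Vulnerability in Web Applications
Advisor: 謝續平
Advisor (English): Shieh, Shiuh-pyng
Committee members: 曾文貴, 周國森, 范俊逸
Committee members (English): Tzeng, Wen-Guey; Chou, Kuo-Sen; Fen, Chun-I
Oral defense date: 2017-08-17
Degree: Master's
Institution: National Chiao Tung University
Department: Institute of Network Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Publication year: 2017
Graduation academic year: 106
Language: English
Number of pages: 44
Keywords (translated from Chinese): injection vulnerability; automatic patching; web application
Keywords (English): Injection Vulnerability; Automatic Patch; Web Application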
Abstract (in Chinese)
Abstract
Table of Contents
Chapter 1. Introduction
Chapter 2. Background
2.1 Threat Model
2.2 Injection Vulnerability
2.3 Injected Delimiter
2.4 Patch
Chapter 3. Related Work
Chapter 4. Proposed Scheme
4.1 Determination of Potential Injected Delimiters for a Specific Sink
4.2 Vulnerability Analysis
4.3 Patch Generation
Chapter 5. Architecture
5.1 Injected Delimiter Analyzer
5.2 Vulnerability Analyzer
5.3 Patch Generator
Chapter 6. Evaluation
Chapter 7. Discussion
Chapter 8. Conclusion
Reference