English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 46965/50831 (92%)
造訪人次 : 12670137      線上人數 : 707
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    主頁登入上傳說明關於CCUR管理 到手機版


    請使用永久網址來引用或連結此文件: https://irlib.pccu.edu.tw/handle/987654321/44391


    題名: 程式碼安全驗證之研究
    Research on Security Verification of Program Coding
    作者: 周子翔 (CHOU,TZU-HSIANG)
    貢獻者: 資訊工程學系
    關鍵詞: 軟體安全
    資訊安全
    網路安全
    靜態測試
    動態測試
    Software Security
    Information Security
    Network Security
    Static Testing
    Dynamic Testing
    日期: 2018
    上傳時間: 2019-05-31 12:58:17 (UTC+8)
    摘要: 近年來國際軟體發展,隨著雲端和智慧型手機相關資訊系統管理與應用程式之需求更加蓬勃。有人說掌握了軟體就能掌握全世界,值此21世紀所看到的是對軟體的使用與依賴越來越重。舉凡伺服器、資料中心、網路及網頁應用等,無一不需使用程式碼,遑論如大數據資訊之擷取、屬性分類前置處理、各歸類資料之後續分析處理,以及軟體定義之資料中心、軟體定義網路和軟體定義儲存等,其應用與服務都大幅度推動軟體發展。然軟體之應用安全性係資訊安全領域中較難以克服之困難。

    企業為精簡人事與開發成本,普遍喜歡使用能提供自動化處理或分析之系統、應用程式或設備。軟體開發期間或起始階段發現程式碼bugs、漏洞或脆弱性,加以修改調整,就能避免上線後因需更新系統或重新部署,衍生不必要之人力與時間成本的耗費。

    本論文所提出之研究架構,希望能分別經由靜態與動態分析,將原始碼資訊及經漏洞修補後,再進行程式間交互比對與整合,以掌握修補漏洞之程式所修補之弱點或漏洞。藉此找出關鍵或必要部分,來強化應用程式使用之安全性與可信賴性,讓企業與終端使用者均能安心使用。目前論文僅完成靜態測試,未來將補足動態測試與整合分析。
    In recent years, the development of international software has been booming due to the demand for information system management and applications related to the cloud and smart phones. Some people say that the software can grasp the world. In the 21st century, the use and dependence of software are getting more and more important.

    All servers, data centers, Internet and web applications use indispensable codes, not to mention the big data information retrieval, attribute classification pretreatment, the follow-up analysis and processing of the classification data, software-defined data center, software-defined network and software definition storage. Their applications and services greatly promote the software development. However, the application security of software is much more difficult to overcome in the field of information security.

    In order to cut down the investment, most of the enterprises use the free software for software security testing. If the software bug, leakage, vulnerabilities, etc. can be fixed at the first time of program developing, some effort of updating after on-line deploying could be saved.

    In this thesis, the proposed scheme is implemented based on the process of static and dynamic analysis of the software. Through the comparing of raw source code and the fixed code to comprehend the problem and find out the key points, thus we can enhance the security of software and provide more trusted applications for enterprises and users. Now there is only static test implemented, the dynamic test and integrated analysis will be accomplishing in the future.
    顯示於類別:[資訊工程學系] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML326檢視/開啟


    在CCUR中所有的資料項目都受到原著作權保護.


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋