    Please use this identifier to cite or link to this item: http://ccur.lib.ccu.edu.tw/handle/A095B0000Q/27

    Title: The TOCTOU Detection Using LLVM Static Analyzer
    Authors: 賴亭君; LAI, TING-CHUN
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: Static Analysis; Clang; LLVM; System Call; TOCTOU Attack
    Date: 2018
    Issue Date: 2019-05-23 10:30:12 (UTC+8)
    Publisher: Graduate Institute of Computer Science and Information Engineering
    Abstract: TOCTOU (Time-of-Check-Time-of-Use) is a security vulnerability in which a system is attacked during the interval between the time it checks some state, such as data, files or privileges, and the time it uses the result of that check. It is a kind of race condition, and the earliest literature on it dates back to at least the 1970s [1]. TOCTOU covers a broad range of cases and can be attacked in many different ways; this paper focuses on the part that concerns Linux system calls. For pairs of system calls that may lead to a TOCTOU vulnerability, we use the static analyzer of clang, the LLVM front end, to define and write our own checker. The checker detects these system call pairs and gives users warnings about TOCTOU at compile time, so that they can improve the quality of their code and reduce the chance of being attacked.
    Appears in Collections: [Department of Computer Science and Information Engineering] Theses and Dissertations


    All items in CCUR are protected by copyright, with all rights reserved.
