English  |  正體中文  |  简体中文  |  Items with full text/Total items : 888/888 (100%)
Visitors : 13898337      Online Users : 320
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://ccur.lib.ccu.edu.tw/handle/A095B0000Q/41

    Title: 基於Clang之程式碼檢查器設計與實作;A Security Checker Based on Clang
    Authors: 張奕祺;CHANG, YI-CHI
    Contributors: 資訊工程研究所
    Keywords: Clang;C語言;緩衝區溢位;靜態分析;Clang;C language;buffer overflow;static analysis
    Date: 2018
    Issue Date: 2019-05-23 10:30:16 (UTC+8)
    Publisher: 資訊工程研究所
    Abstract: 由於C語言在執行上的高效率、功能豐富、擴展性高、可移植性等優點,從被開發出來直至今2018年,其熱門程度一直與JAVA並駕齊驅,在軟體評價公司Tiobe程式語言排行榜中維持前兩名[1]。但是C語言本身的設計缺陷,卻也可能使得電腦當機、軟體崩潰,甚至是輕易的被駭客惡意入侵。這些漏洞包含了緩衝區溢位、格式化字串等等。 為了減少C語言漏洞對應用程式和作業系統的傷害,我們利用靜態分析工具來協助工程師去偵測原始碼中的漏洞。當被檢查的程式碼中使用了我們認為可能會造成系統危害的函式或變數時,編譯器會顯示相關的警告訊息,以便工程師能依據該訊息的提示,來得知原始碼中是否有漏洞的危險。 本篇論文開發出基於Clang之靜態分析工具來協助工程師檢查原始碼,利用檢查後輸出的警告提示,來讓程式執行的過程中擁有更高的安全性。
    Due to the high efficiency, rich functions, high scalability, and portability of the C language, it has been developed since its inception in 2018, and its popularity has been keeping pace with JAVA, in the software evaluation company Tiobe programming language list. Maintain the top two [1]. However, the design flaws of the C language itself may cause the computer to crash, the software to crash, or even be easily maliciously invaded by hackers. These vulnerabilities include buffer overflows, formatted strings, and more.To reduce the harm of C language vulnerabilities to applications and operating systems, we use static analysis tools to assist engineers in detecting vulnerabilities in source code. When the function or variable that we think may cause system harm is used in the code being checked, the compiler will display a warning message so that the engineer can know whether there is a loophole in the source code according to the prompt of the message. Danger.This paper develops a static analysis tool based on Clang to assist engineers in checking the source code and using the warning prompts output after the check to make the program more secure during execution.
    Appears in Collections:[資訊工程學系] 學位論文

    Files in This Item:

    File Description SizeFormat

    All items in CCUR are protected by copyright, with all rights reserved.

    版權聲明 © 國立中正大學圖書館網頁內容著作權屬國立中正大學圖書館


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback