计算机系统应用
計算機繫統應用
계산궤계통응용
APPLICATIONS OF THE COMPUTER SYSTEMS
2014年
11期
203-207
,共5页
王大伟%周军%梅红岩
王大偉%週軍%梅紅巖
왕대위%주군%매홍암
漏洞分析%CVE-2012-0158%动态分析%缓冲区溢出%安全开发
漏洞分析%CVE-2012-0158%動態分析%緩遲區溢齣%安全開髮
루동분석%CVE-2012-0158%동태분석%완충구일출%안전개발
software vulnerability%CVE-2012-0158%dynamic analysis%buffer overflow%security development
软件漏洞是引起计算机安全问题的重要根源之一。以CVE-2012-0158漏洞为例,探索了漏洞产生的原理及利用方式。通过动态分析方法简要地描述该漏洞被触发时,程序所执行的代码及函数调用情况,从本质上解析了漏洞产生的原因及危害,从而引起人们对安全开发、避免产生漏洞的重视。给出了通过基于安全性的软件开发方式,可以从根源上减少软件漏洞引起的计算机安全问题,从而提升系统和软件的安全性能。
軟件漏洞是引起計算機安全問題的重要根源之一。以CVE-2012-0158漏洞為例,探索瞭漏洞產生的原理及利用方式。通過動態分析方法簡要地描述該漏洞被觸髮時,程序所執行的代碼及函數調用情況,從本質上解析瞭漏洞產生的原因及危害,從而引起人們對安全開髮、避免產生漏洞的重視。給齣瞭通過基于安全性的軟件開髮方式,可以從根源上減少軟件漏洞引起的計算機安全問題,從而提升繫統和軟件的安全性能。
연건루동시인기계산궤안전문제적중요근원지일。이CVE-2012-0158루동위례,탐색료루동산생적원리급이용방식。통과동태분석방법간요지묘술해루동피촉발시,정서소집행적대마급함수조용정황,종본질상해석료루동산생적원인급위해,종이인기인문대안전개발、피면산생루동적중시。급출료통과기우안전성적연건개발방식,가이종근원상감소연건루동인기적계산궤안전문제,종이제승계통화연건적안전성능。
Software vulnerability is one of the important causes of computer security. Taking the CVE-2012-0158 as an example, the form prince and exploitation way of vulnerability is explored. Which codes and functions are called by the procedure when the vulnerability is triggered are briefly described through the dynamic analysis method and the causes and hazards of vulnerability are explained to arouse people’s attention of taking safe development and avoiding vulnerability. Then safe development methods based on security are mentioned to reduce computer security problems caused by software vulnerabilities fundamentally, so as to improve the safety performance of the system and software.
