CAJ | 학술논문

随着全球信息化的迅猛发展，计算机软件已成为世界经济、科技、军事和社会发展的重要引擎。信息安全的核心在于其所依附的操作系统的安全机制以及软件本身存在的漏洞。软件漏洞本身无法构成攻击，软件漏洞利用使得把漏洞转化为攻击变为可能。文章立足于 Windows 操作系统，主要分析了一些常用软件的典型漏洞原理以及常见的利用方法，比较了不同利用方法在不同环境下的性能优劣，并简单分析了 Windows 的安全机制对软件的防护作用以及对软件漏洞利用的阻碍作用。文章着重对几种典型漏洞进行了软件漏洞利用的探索和实践，并使用当前流行的对安全机制的绕过方法分析了 Windows 几种安全机制的脆弱性。
수착전구신식화적신맹발전，계산궤연건이성위세계경제、과기、군사화사회발전적중요인경。신식안전적핵심재우기소의부적조작계통적안전궤제이급연건본신존재적루동。연건루동본신무법구성공격，연건루동이용사득파루동전화위공격변위가능。문장립족우 Windows 조작계통，주요분석료일사상용연건적전형루동원리이급상견적이용방법，비교료불동이용방법재불동배경하적성능우렬，병간단분석료 Windows 적안전궤제대연건적방호작용이급대연건루동이용적조애작용。문장착중대궤충전형루동진행료연건루동이용적탐색화실천，병사용당전류행적대안전궤제적요과방법분석료 Windows 궤충안전궤제적취약성。
With the rapid development of the global information technology, computer software has become the important engine of the world economy, science and technology, military and social development. The core of information security is attached to the security mechanism of the operating system and software vulnerabilities. Software vulnerability itself can not constitute attack, software vulnerability exploiting make the attack possible. This article is based on the Windows operating system, mainly analyzes the principles of some typical software vulnerabilities as well as the common ways to exploit software vulnerabilities, comparing them. in different environment.The article also simply analyzes the protective effect to software security and the hinder to software vulnerability exploiting of Windows security mechanisms. The article emphatically does some explorations and practices on exploiting several typical software vulnerabilities, analyzing the fragility of Windows security mechanisms by using the current popular methods of bypassing security mechanisms.