Daegu Haany University Hyangsan Library

Tools and Experiments for Software Security

Material type: Dissertation
Title/Author: Tools and Experiments for Software Security.
Personal author: Ruef, Andrew.
Corporate author: University of Maryland, College Park. Computer Science.
Publication: [S.l.]: University of Maryland, College Park., 2018.
Publication: Ann Arbor: ProQuest Dissertations & Theses, 2018.
Physical description: 258 p.
Host item entry: Dissertations Abstracts International 81-02B.
Host item entry: Dissertation Abstract International
ISBN: 9781085583633
Dissertation note: Thesis (Ph.D.)--University of Maryland, College Park, 2018.
General note: Source: Dissertations Abstracts International, Volume: 81-02, Section: B.
General note: Advisor: Hicks, Michael W.
Restrictions on use: This item must not be sold to any third party vendors. This item must not be added to any third party search indexes.
Abstract: The computer security problems that we face begin in computer programs that we write. The exploitation of vulnerabilities that leads to the theft of private information and other nefarious activities often begins with a vulnerability accidentally created in a computer program by that program's author. What are the factors that lead to the creation of these vulnerabilities? Software development and programming is in part a synthetic activity that we can control with technology, i.e. different programming languages and software development tools. Does changing the technology used to program software help programmers write more secure code? Can we create technology that will help programmers make fewer mistakes? This dissertation examines these questions. We start with the Build It Break It Fix It project, a security focused programming competition. This project provides data on software security problems by allowing contestants to write security focused software in any programming language. We discover that using C leads to memory safety issues that can compromise security. Next, we consider making C safer. We develop and examine the Checked C programming language, a strict super-set of C that adds types for spatial safety. We also introduce an automatic re-writing tool that can convert C code into Checked C code. We evaluate the approach overall on benchmarks used by prior work on making C safer. We then consider static analysis. After an examination of different parameters of numeric static analyzers, we develop a disjunctive abstract domain that uses a novel merge heuristic, a notion of volumetric difference, either approximated via MCMC sampling or precisely computed via conical decomposition. This domain is implemented in a static analyzer for C programs and evaluated. After static analysis, we consider fuzzing. We consider what it takes to perform a good evaluation of a fuzzing technique with our own experiments and a review of recent fuzzing papers. We develop a checklist for conducting new fuzzing research and a general strategy for identifying root causes of failure found during fuzzing. We evaluate new root cause analysis approaches using coverage information as inputs to statistical clustering algorithms.
Subject: Computer science.
Subject: Statistics.
Language: English
Link: URL: The full text of this item is provided by the Korea Education and Research Information Service.
