東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Fixing Software Vulnerabilities and ...

Huang, Zhen.

FindBook

Google Book

Amazon

博客來

Fixing Software Vulnerabilities and Configuration Errors.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Fixing Software Vulnerabilities and Configuration Errors./
作者:	Huang, Zhen.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2018,
面頁冊數:	162 p.
附註:	Source: Dissertation Abstracts International, Volume: 79-12(E), Section: B.
Contained By:	Dissertation Abstracts International79-12B(E).
標題:	Computer science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10794046
ISBN:	9780438188570

Fixing Software Vulnerabilities and Configuration Errors.
Huang, Zhen.

Fixing Software Vulnerabilities and Configuration Errors. - Ann Arbor : ProQuest Dissertations & Theses, 2018 - 162 p.

Source: Dissertation Abstracts International, Volume: 79-12(E), Section: B.

Thesis (Ph.D.)--University of Toronto (Canada), 2018.

With the rise of mobile devices such as smart phones and IoTs and emerging new application areas such as fitness and sport aid, smart home, and augmented reality, computer systems have become a critical part of our daily lives. Our reliance on computer systems make software security and reliability extremely important. However, software security and reliability are threatened by software vulnerabilities and configuration errors.

ISBN: 9780438188570Subjects--Topical Terms:

523869
Computer science.

Fixing Software Vulnerabilities and Configuration Errors.
LDR:03763nmm a2200349 4500 001 2204023
005 20190624102118.5
008 201008s2018 ||||||||||||||||| ||eng d
020 $a 9780438188570
035 $a (MiAaPQ)AAI10794046
035 $a (MiAaPQ)toronto:17554
035 $a AAI10794046
040 $a MiAaPQ $c MiAaPQ
100 1 $a Huang, Zhen. $3 2180060
245 1 0 $a Fixing Software Vulnerabilities and Configuration Errors.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2018
300 $a 162 p.
500 $a Source: Dissertation Abstracts International, Volume: 79-12(E), Section: B.
500 $a Adviser: David Lie.
502 $a Thesis (Ph.D.)--University of Toronto (Canada), 2018.
520 $a With the rise of mobile devices such as smart phones and IoTs and emerging new application areas such as fitness and sport aid, smart home, and augmented reality, computer systems have become a critical part of our daily lives. Our reliance on computer systems make software security and reliability extremely important. However, software security and reliability are threatened by software vulnerabilities and configuration errors.
520 $a Manually fixing software vulnerabilities and configuration errors is a tedious and time consuming task. Automating the task has gained intense interest. This dissertation addresses three challenges in automating the task: 1) mitigating software vulnerabilities rapidly and safely, 2) generating sound security patches and 3) troubleshooting complex configuration errors that involve dependent configuration settings. We make the following contributions.
520 $a First, we consider mitigating software vulnerabilities. Inspired by configuration workarounds, a fast alternative of security patches, we design Security Workaround for Rapid Response (SWRR) that works similarly to configuration workaround but has substantially larger coverage than configuration workarounds. We implement a prototype Talos that automatically produces SWRRs and instruments SWRRs into applications. SWRRs generated by Talos can cover 2.1x software vulnerabilities than configuration workarounds.
520 $a Second, we consider generating sound security patches. With a design specifically targeting three of the most common and severe software vulnerabilities: buffer overflow, bad offset, and integer overflow, we combine program analysis techniques to generate semantically correct security patches. Our prototype implementation called Senx successfully generates correct security patches for 76.2% of 42 real-world software vulnerabilities.
520 $a Third, we compare the strengths and drawbacks of Talos and Senx qualitatively and quantitatively. On one hand, Senx has the strength in applicability. On the other hand, Talos has the strength in scalability and usability. We find that Talos and Senx have complementary applicability. Combining them, we can address 90.5% of the 42 software vulnerabilities.
520 $a Finally, we consider troubleshooting and fixing configuration errors involving dependent configuration settings. We leverage unsupervised machine learning to understand the dependency among configuration settings and use automated GUI testing to enable regular users to troubleshoot and fix configuration errors with ease. We implement a prototype called Ocasta and conduct a user study on Ocasta. We find that Ocasta can correctly identify 88.6% of dependent configuration settings and significantly save user time and effort in troubleshooting and fixing configuration errors.
590 $a School code: 0779.
650 4 $a Computer science. $3 523869
690 $a 0984
710 2 $a University of Toronto (Canada). $b Electrical and Computer Engineering. $3 2096349
773 0 $t Dissertation Abstracts International $g 79-12B(E).
790 $a 0779
791 $a Ph.D.
792 $a 2018
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10794046