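Abstract: | In recent years, international software development has flourished as demand has grown for information system management and applications related to the cloud and smartphones. Some say that whoever masters software masters the world, and in the 21st century we see ever heavier use of and reliance on software. Servers, data centers, networks, and web applications all require code, to say nothing of big-data information retrieval, attribute-classification preprocessing, the subsequent analysis of each category of data, and software-defined data centers, software-defined networking, and software-defined storage, whose applications and services all greatly drive software development. Yet the security of software applications is one of the harder difficulties to overcome in the field of information security.
To streamline staffing and development costs, enterprises generally prefer systems, applications, or equipment that provide automated processing or analysis. If code bugs, vulnerabilities, or weaknesses are found during development or at its initial stage and corrected, the unnecessary labor and time costs of updating or redeploying the system after it goes live can be avoided.
The research framework proposed in this thesis aims to use static and dynamic analysis, respectively, to cross-compare and integrate the source code information with the program after vulnerability patching, in order to understand which weaknesses or vulnerabilities the patched program fixes. This identifies the key or essential parts for strengthening the security and trustworthiness of applications, so that enterprises and end users alike can use them with confidence. At present the thesis has completed only static testing; dynamic testing and integrated analysis will be added in the future.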
In recent years, international software development has been booming due to the demand for information system management and applications related to the cloud and smartphones. Some people say that whoever grasps software can grasp the world. In the 21st century, the use of and dependence on software are growing ever heavier.
Servers, data centers, the Internet and web applications all depend on code, not to mention big data information retrieval, attribute classification preprocessing, the follow-up analysis and processing of the classified data, software-defined data centers, software-defined networks and software-defined storage. Their applications and services greatly promote software development. However, the application security of software is among the more difficult problems to overcome in the field of information security.
In order to cut down investment, most enterprises use free software for software security testing. If software bugs, leakage, vulnerabilities, etc. can be fixed at the first stage of program development, some of the effort of updating after online deployment can be saved.
In this thesis, the proposed scheme is based on static and dynamic analysis of the software. By comparing the raw source code with the fixed code to comprehend the problem and find the key points, we can enhance the security of software and provide more trusted applications for enterprises and users. At present only the static test has been implemented; the dynamic test and integrated analysis will be completed in the future. |