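Author: 黃韋翔
Author (English): Huang, Wei-Shiang
Title (Chinese): 支援大型軟體測試之符號環境系統
Title (English): Symbolic Environment Support for Testing Large Software Applications
Advisor: 黃世昆
Advisor (English): Huang, Shih-Kung
Degree: Master's
Institution: National Chiao Tung University (國立交通大學)
Department: Institute of Computer Science and Engineering
Student ID: 9955558
Year of publication (ROC calendar): 101
Academic year of graduation: 100
Language: English
Number of pages: 46
Keywords (Chinese): 軟體測試 (software testing); 符號執行 (symbolic execution); 軟體失控樣本資料庫 (crash database)
Keywords (English): Software Testing; Symbolic Execution; Crash Database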
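During software development, programmer oversights often leave latent vulnerabilities in a program. Automated dynamic software testing techniques can uncover these problems. To test software at scale, quickly and conveniently, a software database is needed in which problematic software is stored as samples for later research, analysis, and testing.
This thesis proposes building a crash database (a database of software crash samples) from virtual machine images. The relevant operating system and software are pre-installed in each image, so that a ready-to-use environment can be created quickly whenever a user needs one, removing the time users otherwise spend on manual installation when testing software.
To make the sample database easier to manage, we also propose a web management interface through which administrators can add, query, and delete the data of the back-end virtual machine images. It also provides a system status monitoring mechanism that notifies administrators by e-mail or SMS in real time when the equipment storing the database has a problem.
For users, browsing this interface shows which software versions in the database are currently available for testing. So that users can set up a test environment quickly, the web page also offers on-demand creation of virtual machine images. When a user selects this function, the back-end program automatically creates the corresponding software image; the user downloads an automation script that mounts the image, which is shared over the network, and runs the experiment. Combined with the remote management mechanism, users can use the remote management software we developed to issue commands from outside and operate the environment inside the virtual machine, enabling more varied modes of operation.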
With the development of software, quality issues have become a major concern. In practice, programmers still do not take this problem into consideration, so software still contains many vulnerabilities and bugs. In this thesis, we try to build a repository of potentially vulnerable software, called the crash database. The purpose of this database is to collect software with vulnerabilities or bugs so that these collections can be used for further analysis. The database provides an integrated environment that contains an entire operating system, the software, and a remote control framework, so users do not have to build the environment manually and can easily perform experiments.
In addition, we develop a web management and monitoring interface that allows users to choose the proper software images and quickly clone a new testing environment. Administrators can use this system to add, remove, and control software images; it also has a monitoring mechanism that reports the status of every crash database server. The system therefore improves on the traditional software analysis environment.
Abstract (Chinese)
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
1. Introduction
1.1. Background
1.1.1. Common Vulnerabilities
1.1.2. Program Testing Mechanism
1.1.3. Other Tools
1.2. Motivation
1.3. Objective
2. Related Work
3. Methods
3.1. Guest OS Remote Control
3.1.1. Remote Control
3.1.2. Symbolic Methods
3.2. Crash Database
3.2.1. Design of Crash Database
3.2.2. Image Management & Monitor
3.2.3. Automated Experiment
4. Implementation
4.1. Guest OS Remote Control
4.1.1. Procedure of Customized Function
4.1.2. Customized Op-Code
4.1.3. S2E Plugin
4.1.4. Remote Control Framework
4.2. Crash Database
4.2.1. Fast Deployment & Low Usage of Disk Space
4.2.2. Support Large Scale Testing & Load Balance
4.3. Web Based Management & Monitor System
4.3.1. Image Management
4.3.2. Service Monitor
4.3.3. Automated Experiment
5. Result and Evaluation
5.1. Images in Crash Database
5.2. Boot Time
5.3. Web Management
6. Conclusion