Research and Design of a Security Compilation Options Evaluation System
Published: 2018-08-04 16:30
[Abstract]: The rapid development of network technology has brought convenience to people's lives, but it has also brought many security problems, which often lead to serious consequences such as information leakage. Network security problems have many causes; among them, buffer overflow is a very common and very dangerous security vulnerability. The security compilation options provided by the GCC compiler can effectively guard against buffer overflow attacks and reduce the likelihood of network attacks, so reliably detecting which security compilation options were applied to an executable file is well worth doing. At present, however, most tools can only check executable files for a single platform. They cannot perform large-scale, cross-platform detection, cannot display the detection results intuitively, and cannot assign a security rating. This project first studies the underlying implementation principles of the GCC security compilation options and the basic theory of continuous integration systems, and then, building on a company's continuous integration system, designs a security compilation options evaluation system. The system can check the software on each product line and, in particular, can detect across platforms the security options applied to executable files built for different operating systems, and then rate and score them. It automatically determines whether the relevant options were successfully applied to an executable at compile time, which removes tedious manual checking and saves a great deal of human effort while ensuring the security of the executable files. This thesis focuses on the implementation of the security compilation options evaluation system. Its main innovations are as follows: (1) Rating and scoring functions are added on top of the existing detection tools, and the detection results are displayed intuitively on a page for users to review. (2) Executable files compiled for different operating systems can be checked with one click. Users do not need to pay much attention to the detection environment, because the system automatically detects the test environment and selects the corresponding tool, which makes it cross-platform. (3) Detection of security compilation options is automated, so large amounts of manpower no longer need to be spent on work such as analysing disassembled code.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08; TP314
Article ID: 2164451
Article link: http://sikaile.net/guanlilunwen/ydhl/2164451.html