Computer Science Graduation Project Thesis: Foreign-Literature Translation (Chinese-English).docx
- Document ID: 5101569
- Upload date: 2022-12-13
- Format: DOCX
- Pages: 9
- Size: 23.01KB
Talking about security loopholes
Richard S. Kraus
The core business objective of network security is to protect the sustainability of systems and the security of data. The two main threats to these come from worm outbreaks, hacking attacks, denial of service attacks and Trojan horses. Worms and hacker attacks are closely linked to loopholes; if a major security loophole emerges, the entire Internet faces a major challenge. Traditional Trojans had little to do with security loopholes, but recently many Trojans make clever use of IE loopholes, so that you are caught unknowingly while browsing a website.
There are many definitions of security loopholes; here is a popular one:
defects that can be used to do what "originally" could not be done, and that are security-related. The shortcoming can be a problem of design or of code implementation.
Different perspectives on security loopholes
The security loopholes in a specific program can be classified from many perspectives.
1. Classification by user group:
● Loopholes in public software, such as loopholes in Windows, IE loopholes, and so on.
● Loopholes in specialized software, such as Oracle loopholes, Apache loopholes, etc.
2. From the data perspective:
● Data that should not be readable can be read, including data in memory, data in files, user input data, data in databases, data in network transmission, and so on.
● Designated content can be written to designated places (including local files, memory, databases, etc.).
● Input data can be executed (including native execution, execution as shellcode, execution as SQL code, etc.).
3. From the point of view of scope of effect:
● Remote loopholes: an attacker can attack directly over the network through the loophole. Such loopholes do great harm; an attacker can operate other people's computers through the loophole. Such loopholes can also easily lead to worm attacks on Windows.
● Local loopholes: the attacker must already have access permission on the machine before the loophole can be attacked. Typical are local privilege escalation loopholes, which are widespread in Unix systems and allow ordinary users to obtain the highest administrator privileges.
4. From the point of view of trigger conditions:
● Active-trigger loopholes: an attacker can take the initiative to use the loophole in an attack, for example by direct access to computers.
● Passive-trigger loopholes: the attack can only be carried out with the cooperation of the computer operator. For example, the attacker mails an administrator a special jpg image file; if the administrator opens the image file, a loophole in the picture software is triggered and the system is attacked, but if the administrator does not look at the picture, the system is not affected by the attack.
5. From an operational perspective:
● File operation type: mainly, the target file path of an operation can be controlled (e.g., parameters, configuration files, environment variables, the symbolic link HEC). This may lead to the following two problems:
◇ The written content can be controlled, so the contents of files can be forged. This leads to privilege escalation or direct alteration of important data (such as revising deposit and lending data), and there have been many such loopholes. For example, the historical Oracle TNS LOG loophole, in which the log file could be designated, could let anyone control the computer running the Oracle service;
◇ Information content can be output: printed content ends up on a screen or in readable log files, or core files readable by users can be generated. Such loopholes were seen many times in the history of the Unix crontab subsystem, where ordinary users could read the protected shadow file;
● Memory overwrite: mainly, the memory location can be specified and the written content can be designated, so that the attacker is able to execute code (buffer overflow, format string loopholes, PTrace loopholes, the historical Windows 2000 loophole in which users could write the hardware debugging registers), or directly alter secret data in memory.
● Logic errors: such loopholes exist widely, but with very few changes, so they are difficult to discern. They can be broken down as follows:
◇ Competitive-condition (race condition) loopholes (usually a design problem; typical are the Ptrace loopholes and the widespread file timing competition)
◇ Wrong policy, usually a design problem, such as the historical FreeBSD SmartIO loophole.
◇ Algorithm problems (usually in code or design implementation), such as the historical Microsoft Windows 95/98 loophole in which sharing passwords could be easily obtained.
◇ Imperfections of the design, such as the three-step handshake of the TCP/IP protocol, which led to the SYN FLOOD denial of service attack.
◇ Implementation mistakes (usually the design has no problem, but the coding logic is wrong, such as the historical betting system pseudo-random algorithm)
● External commands: typically, external commands can be controlled (via the PATH variable, special characters in SHELL input, etc.), and SQL injection issues.
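The file operation type above (a log path the caller can steer, or a symbolic link planted at the expected name) is closed by refusing to follow links and refusing path separators when the file is opened. The following C sketch is an added example, not code from the original article; the helper name `open_log_safely`, the scenario in `demo` and the file names are hypothetical, and it assumes a POSIX system where the log directory itself is writable only by the service.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` for appending inside the trusted
 * directory `dir`. Returns a file descriptor, or -1 with errno set. */
int open_log_safely(const char *dir, const char *name)
{
    struct stat st;
    /* The caller-supplied part must be a bare file name, never a path. */
    if (name[0] == '\0' || strchr(name, '/') != NULL) { errno = EINVAL; return -1; }
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -1;
    /* O_NOFOLLOW makes the open fail if the last component is a symlink. */
    int fd = openat(dfd, name,
                    O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    int saved = errno;
    close(dfd);
    /* Refuse anything that is not a regular, singly linked file. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)) {
        close(fd);
        fd = -1;
        saved = EPERM;
    }
    errno = saved;
    return fd;
}

/* Constructed scenario: returns 0 when a planted symlink and a traversal
 * name are refused and a plain new log file is accepted. */
int demo(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", target[64], lnk[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/app.log", dir);
    close(open(target, O_WRONLY | O_CREAT, 0600));
    int planted = symlink(target, lnk);          /* app.log -> protected */
    int via_link = open_log_safely(dir, "app.log");
    int traversal = open_log_safely(dir, "../protected");
    int fresh = open_log_safely(dir, "new.log");
    if (fresh >= 0) close(fresh);
    return (planted == 0 && via_link < 0 && traversal < 0 && fresh >= 0) ? 0 : 1;
}
```

The check runs on the descriptor returned by `openat`, not on the path, so the file cannot be swapped between the check and the write.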
6. From a time-series perspective:
● Loopholes found long ago:
Manufacturers have already issued a patch or repair method, and many people already know of it. Such loopholes have usually been repaired by a lot of people, so from a macro perspective the harm is rather small.
● Recently discovered loopholes:
Manufacturers have just issued a patch or repair method, and not many people know of it yet. Compared with the loopholes above the danger is greater; if a worm or a foolproof exploitation program appears, a large number of systems will be attacked.
● 0day:
Loopholes that have not been made public and are traded privately. Usually such loopholes have no impact on the general public, but they allow an attacker to carry out precisely aimed attacks on a target, and the harm is very great.
Different perspectives on the use of loopholes
If a defect cannot be used to do what "originally" could not be done (security-related), it would not be called a security vulnerability; security loopholes are inevitably closely linked to their use.
The perspectives on the use of loopholes are:
● Data perspective:
Accessing data that could not previously be accessed, including reading and writing. This is usually an attacker's core purpose, and it can cause very serious disaster (such as banking data being written).
● Competence perspective:
Mainly bypassing or gaining permissions. Permissions are usually obtained in order to gain the desired data manipulation capabilities.
● Usability perspective:
Obtaining control authority over certain services on the system, which may lead to some important services being stopped by the attack, resulting in a denial of service attack.
● Authentication bypass:
Usually a loophole in the authentication system is used to gain access without authorization. Authentication is usually bypassed to serve permissions or direct data access.
● Code execution perspective:
Mainly, content input to the program is executed as code, obtaining access permissions on a remote system or higher authority on the local system. This perspective is the main driving force behind SQL injection and memory-type pointer game loopholes (buffer overflow, format string, integer overflow, etc.). It usually prepares the way for bypassing system authentication, gaining permissions, and reading data.
Loophole exploration methods
First of all, security vulnerabilities are a subset of software BUGs, and all software testing tools are practical for exploring security loopholes. The means that "hackers" now use to explore the various loopholes are:
● Fuzz testing (black box testing): automatic testing by constructing structured input data that may cause the program problems.
● FOSS audit (white box): there is now a series of tools that can assist in detecting security BUGs in programs. The simplest is the latest version of the C language compiler in your hands.
● IDA decompilation audit (gray box testing): very similar to the source audit above. The only difference is that many times you can obtain the software but cannot get the source code to audit. But IDA is a very powerful disassembly platform that lets you conduct a security audit based on the assembly code (which is in fact equivalent to the source code).
● Dynamic tracking: recording all security-related operations (such as file operations) that the program performs under different conditions, then analysing the sequence of these operations for problems. This is one of the major ways of finding competitive-condition loopholes. Taint propagation tracking also belongs to this category.
● Patch comparison: the problems software manufacturers find are usually addressed in a patch. By comparing the source files (or the decompiled code) before and after the patch, the specific details of the loophole can be learned.
Whichever tools are used, all of the above come down to one crucial point:
Manual analysis is needed to achieve comprehensive coverage of the flow paths. Analysis methods vary: analysis of design documents, analysis of source code, analysis of decompiled code, and dynamic debugging of programs.
Grading loopholes
The harm of a loophole should be assessed in close relation to the loophole itself and the hazards of its use. Not all buffer overflow loopholes are high-risk, as people often assume. Taking remote loopholes as an example, a better delineation is:
● OS, application program and version information can be obtained remotely.
● Unnecessary or dangerous services are open; sensitive system information can be obtained remotely.
● Files and data can be read remotely with restrictions.
● Important or restricted files and data can be read remotely.
● Files and data can be revised remotely with restrictions.
● Important files and data can be changed remotely with restrictions.
● Important files and data can be changed remotely without limitation, or