| The research on computer vulnerabilities and the building of the vulnerability database are significant in improving system's security and reducing computer security incidents. The currently focus in this area is on the research in the taxonomy of vulnerabilities and the expand of vulnerability database. This dissertation firstly explain the concept and attributes of vulnerability in detail, and review the current status of vulnerabilities research. Then, it is presented that a structural model of vulnerability database based on the research of the classification of computer vulnerabilities. After that, the dissertation depicts the building of the database based on CVE standard and its generating software.Then, based on analysis of the vulnerabilities in database, this dissertation carries out some research work in exploiting attack and security programming. Exploiting attack is a serious threat to the safety on Internet. As a basis, its memory model and working way is discussed firstly in this paper. Then the comprehensive defense system model is presented, which runs through the whole life period of software. It is discussed that exploiting scanning and utilization at last. Meanwhile the conception and main principle of safe programming and safe threat model is presented, which is very meaningful in improving the quality of software development.At last, this dissertation brings forward a new VPN gateway design scheme to provide defense method to unknown system vulnerabilities for application system. This design is based on IPSec protocol include injecting IPSec module and modifying OS kernel. The design by modifying OS kernel has advancement over operating efficiency and safety performance. It is the last line of defense to unknown security vulnerabilities.
|
PDF Full Text Request