| With the rapid development of computer network technology,information sharing and security issues increasingly promoted to our everyday life, there is a growing awareness of the importance of safety issues. It must be talking about vulnerabilities when it comes to say security issues. Because there are a large number of vulnerabilities in system and software so that the criminala can take advantage of the vulnerabilities to accomplish what they want to do, giving the computer network and people to great inconvenience and even the destructive damage. Therefore,the software vulnerability analysis and research in the computer industry and information security fields, has a very important value of theory and use.This thesis first introduces the theory of vunerability status at home and abroad, as well as the related information of the vulnerability database. This thesis disusses the related concepts, definitions and classifications fo vulnerability, analysis of the causes and the nature of vulnerability ,and to compare and summarize the current excavations in the vulnerability of the more commonly used method. Any kind of vulnerability mining method has its advantages and disadvantages, the current vulnerability mining method all combining the advantages of the various of vulnerability mining method, giving the software a more comprehensive vulnerability analysis.Based on the study of vulnerability mining method, this thesis proposes a general framework and a common process for vulnerability, as well as proposes a vulnerability mining method which based on data-flow analysis. The structure process combine the static analysis and the dynamic analysis organically to achieve a comprehensive and thorough analysis for software vulnerabilities.Vulnerability database is an important part of vulnerability detection and vulnerability mining,the degree of maturity and completeness of vulnerability database in large degree dicision the scope fo vulnerability mining methods and vulnerabilities which can be detected. Our research in vulnerability database started late and a low base,so up to now have not yet formed a complete our own vulnerability database system.While some companies have established their own vulnerability database,but has not been widespread use and promotion,so research in this area is also difficult. This thesis annlyzes the three major vulnerability database system abroad,and mainly with reference to international CVE vulnerability database standards to propose a framework models for vulnerability database for the study in vulnerability database to provide some reference. Such a framework model is far from perfect, of course, also need to continuously improve in the future.Finally, the thesis summarize the existing techonogies of software vulnerabilities and prespect the development direction. Although the frameworks for the vulnerability and vulnerability database are not perfect, but still will provide some reference fou the work in the future. |
PDF Full Text Request