결함 주입을 이용한 소프트웨어 보안 테스팅 |
Kim, Ki-Bom
(국가보안기술연구소)
Choi, Young-Han (국가보안기술연구소) Yang, Jin-Seok (국가보안기술연구소) Hong, Soon-Jwa (국가보안기술연구소) |
1 | http://www.ece.cmu.edu/~koopman/ballista/ |
2 | Ilja van Sprundel, 'Unix Kernel Auditing' |
3 | Volkmar SIEH, 'Fault-Injector using UNIX ptrace Interface', Internal Report No.:11/93, Universit at Erlangen-Nurnberg, 1993 |
4 | PROTOS Project, http://www.ee.oulu.fi/research/ouspg/protos/ |
5 | Jeffrey M. Voas, Software Fault Injection Inoculating Programs Against Errors, John Wieley & Sons, 1997 |
6 | http://www.gnu.org/software/gdb/ |
7 | Diomidis Spinellis, 'The Design and Implementation of a Two Process Prolog Debugger', 1989 |
8 | Peter Oehlert, 'Violating Assumptions with Fuzzing', IEEE Security & Privacy, pp.58-62, March/April 2005 |
9 | GPF project, http://www.appliedsec.com |
10 | Michael Sutton, Adam Greene, 'The Art of File Format Fuzzing', Blackhat 2005 |
11 | http://www.microsoft.com/whdc/devtools/debugging/default.mspx |
12 | http://labs.idefense.com/software/fuzzing.php#more_spikefile |
13 | Nathan P. Kropp, Philip J. Koopman, Daniel P. Siewiorek. 'Automated Robustness Testing of Off-the-Shelf Software Components', Proceedings of the 28th Fault Tolerant Computing Symposium, pp.230-239, June 1998 |
14 | http://msdn.microsoft.com/library |
15 | Michael Howard, David LeBlanc, Writing Secure Code, 2nd Edition, 2002, Microsoft Press |
16 | James A. Whittaker, 'Software's Invisible Users', IEEE Software, 18(31): pp.84-88, 2002 |
17 | Barton P. Miller, Lars Fredriksen, Bryan So, 'An empirical study of the reliability of Unix Utilities', Communications of the ACM, 33(12):pp.32-44, December 1990 DOI |
18 | http://www.securityinnovation.com/holodeck/index.shtml |
19 | Justin E. Forrester, Barton P. Miller, 'An Empirical Study of the Robustness of Windows NT Applications Using Random Testing', 4th USENIX Windows System Symposium, 2000 |
20 | Autodafe, http://autodafe,sourceforge.net |