%0 Journal Article
%T Critical Vulnerability Analysis and Exploitation Based on Exception Capture
基于异常捕获的强脆弱性分析和利用
%A SHI Yun-Feng
%A ZHANG Jin-Xiang
%A FENG Jian-Hua
%A
时云峰
%A 张金祥
%A 冯建华
%J 软件学报
%D 2010
%I
%X In this paper, critical vulnerability is parsed from its essence, analysis and exploitation. First, this paper gives the definition of critical vulnerability, present necessary and sufficient condition of the existence for critical vulnerability, and proves that there are not any universal detecting procedures for critical vulnerability. Secondly, this paper proposes three basic conditions to judge if a procedure has critical vulnerability, examines the essential method to analyze critical vulnerability using the backtracking analysis, and proves that the time complexity of the backtracking analysis conforms with the exponential growth of at least O(2h). Lastly, this paper ascribes the critical vulnerability exploitation to solving critical vulnerability equation sets, and gives the algorithm for solving the critical vulnerability equation set by a generalized equation and VC factorization. Then, the paper analyzes and computes two critical vulnerabilities of the Office series software.
%K critical vulnerability
%K backtracking analysis
%K relatively control
%K generalized equation
%K VC factorization
强脆弱性
%K 回溯分析
%K 相对可控
%K 广义方程
%K VC分解
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=17BB863164C3BB074F72A94703B2F7E3&yid=140ECF96957D60B2&vid=659D3B06EBF534A7&iid=708DD6B15D2464E8&sid=3D7E9628AA346248&eid=D58B400F0C66CC96&journal_id=1000-9825&journal_name=软件学报&referenced_num=0&reference_num=21