计算机专业毕业设计说明书外文翻译(中英对照)

TalkingaboutsecurityloopholesRichardS.Krausreferencetothecorenetworksecuritybusinessobjectiveistoprotectthesustainabilityofthesystemanddatasecurity,Thistwoofthemainthreatscomefromthewormoutbreaks,hackingattacks,denialofserviceattacks,Trojanhorse.Worms,hackerattacksproblemsandloopholescloselylinkedto,ifthereismajorsecurityloopholeshaveemerged,theentireInternetwillbefacedwithamajorchallenge.WhiletraditionalTrojanandlittlesecurityloopholes,butrecentlymanyTrojanarecleveruseoftheIEloopholeletyoubrowsethewebsiteatunknowinglywereonthemove.Securityloopholesinthedefinitionofalot,Ihavehereisapopularsaying:canbeusedtostemthethoughtcannotdo,andaresafety-relateddeficiencies.Thisshortcomingcanbeamatterofdesign,coderealizationoftheproblem.DifferentperspectiveofsecurityloopholesIntheclassificationofaspecificprocedureissafefromthemanyloopholesinclassification.1.Classificationfromtheusergroups:●Publicloopholesinthesoftwarecategory.IftheloopholesinWindows,IEloophole,andsoon.●specializedsoftwareloophole.IfOracleloopholes,Apache,etc.loopholes.2.Datafromtheperspectiveinclude:●couldnotreasonablybereadandreaddata,includingthememoryofthedata,documentsthedata,Usersinputdata,thedatainthedatabase,network,datatransmissionandsoon.●designatedcanbewrittenintothedesignatedplaces(includingthelocalpaper,memory,databases,etc.)●Inputdatacanbeimplemented(includingnativeimplementation,accordingtoShellcodeexecution,bySQLcodeexecution,etc.)3.Fromthepointofviewofthescopeoftheroleare:●Remoteloopholes,anattackercouldusethenetworkanddirectlythroughtheloopholesintheattack.Suchloopholesgreatharm,anattackercancreatealoopholethroughotherpeople'scomputersoperate.SuchloopholesandcaneasilyleadtowormattacksonWindows.●Localloopholes,theattackermusthavethemachinepremiseaccesspermissionscanbelaunchedtoattacktheloopholes.Typicalofthelocalauthoritytoupgradeloopholes,loopholesintheUnixsystemarewidespread,allowordinaryuserstoaccessthehighestadministratorprivileges.4.Triggerconditionsfromthepointofviewcanbedividedinto:●Initiativetriggerloopholes,anattackercantaketheinitiativetousetheloopholesintheattack,Ifdirectaccesstocomputers.●Passivetriggerloopholesmustbecomputeroperatorscanbecarriedoutattackswiththeuseoftheloophole.Forexample,theattackermadetoamailadministrator,withaspecialjpgimagefiles,iftheadministratortoopenimagefileswillleadtoapictureofthesoftwareloopholewastriggered,therebysystemattacks,butifmanagersdonotlookatthepictureswillnotbeaffectedbyattacks.5.Onanoperationalperspectivecanbedividedinto:●Fileoperationtype,mainlyfortheoperationofthetargetfilepathcanbecontrolled(e.g.,parameters,configurationfiles,environmentvariables,thesymboliclinkHEC),thismayleadtothefollowingtwoquestions:◇Contentcanbewrittenintocontrol,thecontentsofthedocumentscanbeforged.Upgradingorauthoritytodirectlyaltertheimportantdata(suchasrevisingthedepositandlendingdata),thishasmanyloopholes.IfhistoryOracleTNSLOGdocumentcanbedesignatedloopholes,couldleadtoanypersonmaycontroltheoperationoftheOraclecomputerservices;◇informationcontentcanbeoutputPrintcontenthasbeencontainedtoascreentorecordreadablelogfilescanbegeneratedbythecoreusersreadingpapers,SuchloopholesinthehistoryoftheUnixsystemcrontabsubsystemseenmanytimes,ordinaryuserscanreadtheshadowofprotecteddocuments;●Memorycoverage,mainlyformemorymodulescanbespecified,writecontentmaydesignatesuchpersonswillbeabletoattacktoenforcethecode(bufferoverflow,formatstringloopholes,PTraceloopholes,Windows2000historyofthehardwaredebuggingregistersuserscanwriteloopholes),ordirectlyalterthememoryofsecretsdata.●logicerrors,suchwidegapsexist,butveryfewchanges,soitisdifficulttodiscern,canbebrokendownasfollows:◇loopholescompetitiveconditions(usuallyforthedesign,typicalofPtraceloopholes,Theexistenceofwidespreaddocumenttimingofcompetition)◇wrongtactic,usuallyindesign.IfthehistoryoftheFreeBSDSmartIOloopholes.◇Algorithm(usuallycodeordesigntoachieve),IfthehistoryofMicrosoftWindows95/98sharingpasswordcaneasilyaccessloopholes.◇Imperfectionsofthedesign,suchasTCP/IPprotocolofthethree-stephandshakeSYNFLOODledtoadenialofserviceattack.◇realizethemistakes(usuallynoproblemforthedesign,butthepresenceofcodinglogicwrong,Ifhistorybettingsystempseudo-randomalgorithm)●Externalorders,Typicalofexternalcommandscanbecontrolled(viathePATHvariable,SHELLimportationofspecialcharacters,etc.)andSQLinjectionissues.6.Fromtimeseriescanbedividedinto:●haslongfoundloopholes:manufacturersalreadyissuedapatchorrepairmethodsmanypeopleknowalready.Suchloopholesareusuallyalotofpeoplehavehadtorepairmacroperspectiveharmrathersmall.●recentlydiscoveredloophole:manufacturersjustmadepatchorrepairmethods,thepeoplestilldonotknowmore.Comparedtogreaterdangerloopholes,ifthewormappearedfoolortheuseofprocedures,sowillresultinalargenumberofsystemshavebeenattacked.●0day:notopentheloopholeintheprivatetransactions.Usuallysuchloopholestothepublicwillnothaveanyimpact,butitwillallowanattackertothetargetbyaimingprecisionattacks,harmisverygreat.DifferentperspectiveontheuseoftheloopholesIfadefectshouldnotbeusedtostemtheoriginalc