C语言安全编码的可视化

Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education Pub Date : 2017-06-28 DOI:10.1145/3059009.3072990

James W. Walker, Jean Mayo, Ching-Kuang Shene, S. Carr

{"title":"C语言安全编码的可视化","authors":"James W. Walker, Jean Mayo, Ching-Kuang Shene, S. Carr","doi":"10.1145/3059009.3072990","DOIUrl":null,"url":null,"abstract":"This paper describes a pedagogical system to visualize program execution.1 The visualization is designed to help students understand how to develop more secure and robust C programs. The system provides several perspectives on the execution including: the values of registers and the logical address space, a call graph, the file descriptor and inode tables, and the handling of sensitive data like passwords and keys. These visualizations are designed to help students understand fundamental concepts such as: buffer overflows, integer overflows, proper handling of sensitive data and application of the principle of least privilege in several contexts including file operations, secure SUID programming, and use and management of the process environment.","PeriodicalId":174429,"journal":{"name":"Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Visualization for Secure Coding in C\",\"authors\":\"James W. Walker, Jean Mayo, Ching-Kuang Shene, S. Carr\",\"doi\":\"10.1145/3059009.3072990\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes a pedagogical system to visualize program execution.1 The visualization is designed to help students understand how to develop more secure and robust C programs. The system provides several perspectives on the execution including: the values of registers and the logical address space, a call graph, the file descriptor and inode tables, and the handling of sensitive data like passwords and keys. These visualizations are designed to help students understand fundamental concepts such as: buffer overflows, integer overflows, proper handling of sensitive data and application of the principle of least privilege in several contexts including file operations, secure SUID programming, and use and management of the process environment.\",\"PeriodicalId\":174429,\"journal\":{\"name\":\"Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3059009.3072990\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3059009.3072990","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

本文描述了一个可视化程序执行的教学系统可视化的目的是帮助学生理解如何开发更安全、更健壮的C程序。系统提供了几个关于执行的透视图，包括:寄存器的值和逻辑地址空间、调用图、文件描述符和inode表，以及对密码和密钥等敏感数据的处理。这些可视化的目的是帮助学生理解一些基本的概念，例如:缓冲区溢出、整数溢出、敏感数据的正确处理以及在包括文件操作、安全SUID编程以及进程环境的使用和管理在内的几种上下文中最小权限原则的应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Visualization for Secure Coding in C

This paper describes a pedagogical system to visualize program execution.1 The visualization is designed to help students understand how to develop more secure and robust C programs. The system provides several perspectives on the execution including: the values of registers and the logical address space, a call graph, the file descriptor and inode tables, and the handling of sensitive data like passwords and keys. These visualizations are designed to help students understand fundamental concepts such as: buffer overflows, integer overflows, proper handling of sensitive data and application of the principle of least privilege in several contexts including file operations, secure SUID programming, and use and management of the process environment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education

自引率

0.00%

发文量