*      林敏雄 - Run-Time Profiling and Analysis of Java Program Execution (87)

*      林泰維 - A Method for Selecting Intrusion Detection System Analysis Tools Based on Environmental Factors (89)

*      梁宏一 - An Adaptive Feature Selection Method for Intrusion Detection Systems (89)

*      歐士源 - Design of an Environment-Dependent Evaluation Method for Intrusion Detection Systems (89, Master's)

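*      劉其堅 - Design of a Polymorphic Vulnerability Database and Implementation of a Corresponding Flawed-Application Generator (89); works at the Computer and Communications Research Laboratories, Industrial Technology Research Institute (ITRI).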

*      張良豪 - A Fast Prototyping Framework for Intrusion Detection (90); works at D-LINK.

*      趙育釧 - Establishing a Performance Evaluation Benchmark for Intrusion Detection Systems under Environmental Considerations (90)

*      陳宗裕 - A Study on the Integrated Design of Security Vulnerability Auditing, Intrusion Detection Systems, and Back-End Databases (90)

*      黃中見 - Object-Oriented Program Behavior Analysis Based on Control Patterns (91); works at 智勝科技.

*      邱簡謙 - Design and Implementation of a Vulnerability Information Management System (91)

*      柯光隆 - Information Assurance Management Framework Using SNMP (91)

*      陳俊宏 - An Environment-Dependent Testing Platform for Intrusion Detection Systems (91)

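*      李駿偉 - Quantitative Evaluation of the Performance of Intrusion Detection System Analysis Methods (91); works at Chunghwa Telecom Laboratories.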

*      王茂吉 - An Application-Based Intrusion Detection System for Web Servers (92)

*      簡嘉煌 - Evaluating Intrusion Detection System by Cost-Benefit Trade-off Model (92)

*      吳志聰 - IDS Efficiency Enhancement Via Feature Mining (92)

*      林崇頤 - Intelligent Attack Graph Generator Adapting to Large Vulnerability Information (92)

*      蔡忠宏 - The Design of a Software Testing Interface for Applying Fault Injection to Web Applications (92)

*      張翊晉 - Accounting Contribution for Open Source Software Development (93)

*      劉世弘 - The Design and Implementation of a Dynamic Instrument Tool for Program Crash Analysis (93)

*      劉康民 - Mining Version Histories to Verify the Learning Process of Legitimate Peripheral (94)

 

 

 

*      蔡忠宏 - The Design of a Software Testing Interface for Applying Fault Injection to Web Applications (92)

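Design flaws in web applications frequently cause system problems that bring online services to a halt, or give rise to security problems from network attacks such as SQL Injection and Cross-Site Scripting, causing losses for e-commerce and government organizations. To prevent these problems effectively, we propose a mechanism that automatically detects web application design flaws, and we implement its testing platform.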

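The design of this testing platform is based on the method proposed in the paper Web Application Security Assessment by Fault Injection and Behavior Monitoring, published at the WWW2003 conference, which uses Software Fault Injection, a software engineering testing technique, to perform a security assessment of web applications and find possible security defects in the system. This master's thesis explores in more depth the issues involved in applying Fault Injection to web applications, mainly the realization of automated testing and methods for improving testing efficiency. We also verify that these methods are feasible and effective.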

 

*      張翊晉 - Accounting Contribution for Open Source Software Development (93)

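Open source software is becoming increasingly widespread, yet there is still no complete theory that explains the quality differences between open source code and commercial code. Examining open source projects with an institutionalized mechanism would help measure the quality of open source projects and would allow a project to be judged along various dimensions. We also hope to use this to compile statistics on the contributions of project developers and on how open source projects make use of one another, so that contributions are rewarded in proportion. We will propose an evaluation method to assess how a project's various indicators affect the sustainability of open source software, together with an analysis of contributions, making it easier to identify the success factors of successful open source projects in general.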

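Opinions on the phenomenon of open source software development still vary widely, and there is no complete theory to explain it. Our research surveys some phenomena of today's open source world and explains the current state of the various properties of open source software. We therefore consolidate earlier papers that carried out similar research and propose corrections and improvements for the parts we consider unreasonable, including the sampling and analysis methods.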

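Our contribution here focuses on the projects selected as best project of the month on SourceForge: we examine the development process of these projects, analyze the proportion of contributions made by contributors (developers/users) to the code (core/user interface), and propose and verify the hypothesis that projects that already had a prototype when they were founded show higher activity than projects without one.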

 

*      劉世弘 - The Design and Implementation of a Dynamic Instrument Tool for Program Crash Analysis (93)

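To keep up with the rapid development the market demands, released software systems often exhibit unexpected errors. Some errors can cause software to crash or even create security vulnerabilities. Commercial Off-The-Shelf (COTS) software generally comes without source code; if the software crashes, all we can do is report it to the vendor that developed it and wait for their patch. However, software vendors often take a long time to release a patch, and some patches are even incompatible with older versions of the software and fail to fully fix the error. For existing commercial software components, reverse engineering tools are still generally used to test the software and observe its execution behavior, in order to determine whether it has vulnerabilities that could be used for intrusion. The goal of this research is to design a system that helps determine whether a program crash point hides an exploitable software vulnerability. We hope this system can provide systematic program crash analysis.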

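Much research has gone into detecting program errors and identifying their causes, some through static code analysis and some by dynamically observing program execution; most of it audits or modifies the program's source code in order to observe it. Because this research targets off-the-shelf commercial software with no source code available for analysis, we developed an instrument and interception system that can detect abnormal execution flow in software and determine whether it may become a security vulnerability. This research develops two mechanisms, stack corrupt site approximation and identification and call target validation, to detect whether a program's execution flow has become abnormal. In experiments on commercial software on the Microsoft Windows platform, the system effectively detected many kinds of existing vulnerabilities, and analysis of the intercepted conditions revealed the causes of the anomalies. The experiments also confirm that the corrupt site detection mechanism can point out the function that caused the stack anomaly. Finally, we compare the system with related tools to evaluate its feasibility.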

 

In order to meet time to market, software is often released with unintended flaws. Some cause software crashes that are highly related to security vulnerabilities. Commercial Off-The-Shelf (COTS) software normally comes without source code. If a program crash occurs, all we can do is report it to the vendor and wait for the patch. Some software companies, however, do not develop their patches in a timely manner, or no longer support the older version at all. Normally, users can use debuggers to observe the running behavior of the software and determine whether there exists any vulnerability to exploit. Our objective is to design a tool that helps systematically detect security-related errors from the crash. We want to automate the process of crash analysis to a certain extent.

Much research work has focused on detecting program errors and identifying their root causes, either by static analysis or by observing their running behavior through dynamic program instrumentation. Much of this work analyzes or instruments the source code of the software. However, assuming that the source code is not available, we develop an execution instrument and interception system and add a mechanism for detecting anomalous control flow, to automatically judge whether a certain crash can be exploited. We develop stack corrupt site identification and call target validation to detect whether the control flow of the program is changed abnormally. Case studies of several commercial Windows applications with known exploits have demonstrated the applicability of our system and given a better understanding of the exploiting path of these vulnerabilities. They show that our corrupt site identification mechanism points out the vulnerable function where the stack is polluted. Finally, we compare this work with several related works to evaluate it against recent research.

 

Keywords: Dynamic Analysis, Software Wrapper, COTS Vulnerability Testing

 

 

*      劉康民 - Mining Version Histories to Verify the Learning Process of Legitimate Peripheral (94)

Since code revisions reflect the extent of human involvement in the software development process, revision histories reveal the interactions and interfaces between developers and modules. We therefore divide developers and modules into groups according to the revision histories of the open source software repository, for example, sourceforge.net. To describe the interactions in the open source development process, we use a representative model, Legitimate Peripheral Participation (LPP) [8], to divide developers into groups such as core and peripheral teams, based on the evolutionary process of learning behavior.

With the conventional module relationship, we divide modules into kernel and non-kernel types (such as UI). In the past, groups of developers and modules have been partitioned naturally with informal criteria. In this work, however, we propose a developer-module relationship model to analyze the grouping structures between developers and modules. Our results show some process cases of relative importance on the constructed graph of project development.

The graph reveals certain subtle relationships in the interactions between core and non-core team developers, and the interfaces between kernel and non-kernel modules.

Keywords: Legitimate Peripheral Participants (LPP), Open Boundary, Open Source Software Development Process.