
Using Script Encapsulation to Defend Against Cross-Site Scripting Attacks (cited by: 1)

Mitigating cross-site script attacks on script encapsulation
Abstract: Cross-site scripting (XSS) is a kind of script injection attack. When such an attack occurs, the scripts running in the browser fall into two classes: benign scripts, which come from application templates, and suspicious scripts, which come from other sources. This paper presents ScriptE, a method for mitigating XSS attacks based on script encapsulation. Under this method, benign scripts are encapsulated in an extra HTML tag at the server side. Using a browser add-on, or detection scripts embedded in the response pages, the two classes of script are distinguished at the client side, so that possible XSS attacks can be mitigated. Experiments were conducted to validate the proposed method.
Authors: 沈伍强, 唐屹
Source: 《广州大学学报(自然科学版)》 (Journal of Guangzhou University: Natural Science Edition), CAS, 2010, No. 5, pp. 78-82 (5 pages)
Keywords: cross-site script; script encapsulation; HTML tag