摘要
以窃取客户端Cookie为目的的跨站脚本(XSS)攻击,使互联网用户的个人隐私和利益不断遭受侵犯。如何防御XSS攻击,以保障网民和互联网公司的利益,成为亟待解决的问题。针对基于代理的Cookie保护技术进行了研究,设计了基于代理的Cookie保护框架,阐述了框架的基本原理,给出了关键技术的实现方法,并实现了一个基于代理的Cookie保护系统,最后对该保护系统的有效性进行了测试。测试结果表明本系统可对Cookie提供可靠的保护,为跨站防御的研究提供了新的方向。
Cross site script (XSS) vulneralbility attack that aims to steal cookie violates Internet users' privacy and Interests. It is urgent to defend XSS from damaging the interests of netizens and Internet firms. This paper researched the proxy-based Cookie protection technology, designed a proxy-based cookie protection framework, and both basic theories and the realization of key technologies. Then it implemented a proxy-based Cookie protect system. And it carried out validation on the effectiveness of this technology and the result shows that it is robust to protect cookie, and provided a new direction for XSS research.
出处
《计算机应用研究》
CSCD
北大核心
2012年第8期3036-3038,共3页
Application Research of Computers