摘要
近年来,浏览器的非法攻击严重危害Web应用程序的安全。浏览器主要依赖同源策略等机制提升安全性,但浏览器种类多,安全机制复杂、零碎,没有通用的安全模型,导致安全边界模糊,依靠人工测试的方法无法满足安全机制测试的需要。设计并实现了一款浏览器安全机制自动化测试系统,自动检测安全机制具体实现情况,得到浏览器安全机制的实现差异性,为发现浏览器未知漏洞的自动化实现提供一种思路。
In recent years, the illegal attacks against the browser are seriously endangering the security of web applications. And the browser mainly depends on the mechanism such as the Same-Origin-Policy to enhance security. However, there are many types of browsers. Security mechanisms are complex and fragmented, and there is no general security model, resulting in fuzzy security boundary. So the method relying on manual testing can not meet the needs of testing security mechanisms. The article introduces the design and implementation of an automatic test system of browser security mechanism. It can test the achievement of specific security mechanism implementation and compare the different security mechanisms between different browsers. And it provides a new idea for achieving the discovery of unknown vulnerabilities of browser automatically.
作者
孙雅静
颜学雄
王清贤
刘树凯
柴川森
SUN Yajing;YAN Xuexiong;WANG Qingxian;LIU Shukai;CHAI Chuansen(Information Engineering University,Zhengzhou 450001,China)
出处
《信息工程大学学报》
2018年第3期364-368,共5页
Journal of Information Engineering University
基金
国家自然科学基金资助项目(61272041)
