A Web Application Runtime Application Self-protection Scheme against Script Injection Attacks

Cited by: 4
Authors
Yin, Zhongxu [1]
Li, Zhufeng [2]
Cao, Yan [1]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou 450001, Henan, Peoples R China
[2] Zhengzhou Informat Sci & Technol Inst, Zhengzhou 450002, Henan, Peoples R China
Source
Funding
National Natural Science Foundation of China;
Keywords
Script injection; Program analyzing; Dataflow analyzing; Runtime application self-protection;
DOI
10.1007/978-3-030-00009-7_51
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Script injection vulnerabilities are popular vulnerabilities in dynamic web applications. Necessary conditions were analyzed for the generation and exploitation of script injection vulnerabilities to provide protection against different injection types. Combined with the analysis of the host language and the object language, the statements were located with their types in the HTML statements. Based on the control flow graph, the data dependency relation subgraph containing source points and sink points was built. A filter insertion algorithm is designed for this sub-graph to define different input data type filtering strategies. Then a solution was implemented based on data flow analysis and automatic insertion of filters before relevant sink statements.
Pages: 566 / 577
Number of pages: 12
Related papers
50 in total
  • [31] Multi-Layered Defense against Web Application Attacks
    Razzaq, Abdul
    Hur, Ali
    Haider, Nasir
    Ahmad, Farooq
    PROCEEDINGS OF THE 2009 SIXTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, VOLS 1-3, 2009, : 492 - 497
  • [32] Comparative mixed risk aversion: Definition and application to self-protection and willingness to pay
    Dachraoui, K
    Dionne, G
    Eeckhoudt, L
    Godfroid, P
    JOURNAL OF RISK AND UNCERTAINTY, 2004, 29 (03) : 261 - 276
  • [33] Comparative Mixed Risk Aversion: Definition and Application to Self-Protection and Willingness to Pay
    Kaïs Dachraoui
    Georges Dionne
    Louis Eeckhoudt
    Philippe Godfroid
    Journal of Risk and Uncertainty, 2004, 29 : 261 - 276
  • [34] Improving Web Application Firewalls to Detect Advanced SQL Injection Attacks
    Makiou, Abdelhamid
    Begriche, Youcef
    Serhrouchni, Ahmed
    2014 10TH INTERNATIONAL CONFERENCE ON INFORMATION ASSURANCE AND SECURITY (IAS), 2014, : 35 - 40
  • [35] Iatrogenic Iron Promotes Neurodegeneration and Activates Self-Protection of Neural Cells against Exogenous Iron Attacks
    Xia, Maosheng
    Liang, Shanshan
    Li, Shuai
    Ji, Ming
    Chen, Beina
    Zhang, Manman
    Dong, Chengyi
    Chen, Binjie
    Gong, Wenliang
    Wen, Gehua
    Zhan, Xiaoni
    Zhang, Dianjun
    Li, Xinyu
    Zhou, Yuefei
    Guan, Dawei
    Verkhratsky, Alexei
    Li, Baoman
    FUNCTION, 2021, 2 (02):
  • [36] Self-protection scheme against failures of distributed fiber links in an Ethernet passive optical network
    Chen, Jiajia
    Chen, Biao
    He, Sailing
    JOURNAL OF OPTICAL NETWORKING, 2006, 5 (09): : 662 - 666
  • [37] Self-protection against aminoglycoside ototoxicity in guinea pigs
    De Oliveira, JAA
    Canedo, DM
    Rossato, M
    De Andrade, MH
    OTOLARYNGOLOGY-HEAD AND NECK SURGERY, 2004, 131 (03) : 271 - 279
  • [38] Self-protection against repeated low probability risks
    Shafran, Aric P.
    JOURNAL OF RISK AND UNCERTAINTY, 2011, 42 (03) : 263 - 285
  • [39] Encoded program counter: Self-protection from buffer overflow attacks
    Lee, G
    Tyagi, A
    IC'2000: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTERNET COMPUTING, 2000, : 387 - 393
  • [40] Self-protection by cardiac myocytes against hypoxia and hyperoxia
    Winegrad, S
    Henrion, D
    Rappaport, L
    Samuel, JL
    CIRCULATION RESEARCH, 1999, 85 (08) : 690 - 698