A Web Application Runtime Application Self-protection Scheme against Script Injection Attacks

Cited by: 4
Authors
Yin, Zhongxu [1]
Li, Zhufeng [2]
Cao, Yan [1]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou 450001, Henan, Peoples R China
[2] Zhengzhou Informat Sci & Technol Inst, Zhengzhou 450002, Henan, Peoples R China
Source
Funding
National Natural Science Foundation of China;
Keywords
Script injection; Program analyzing; Dataflow analyzing; Runtime application self-protection;
DOI
10.1007/978-3-030-00009-7_51
Chinese Library Classification number
TP301 [Theory, methods];
Subject classification code
081202;
Abstract
Script injection vulnerabilities are popular vulnerabilities in dynamic web applications. Necessary conditions were analyzed for the generation and exploitation of script injection vulnerabilities to provide protection against different injection types. Combined with the analysis of the host language and the object language, the statements were located with their types in the HTML statements. Based on the control flow graph, the data dependency relation subgraph containing source points and sink points was built. A filter insertion algorithm is designed for this sub-graph to define different input data type filtering strategies. Then a solution was implemented based on data flow analysis and automatic insertion of filters before relevant sink statements.
Pages: 566-577
Number of pages: 12