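Patching web application vulnerabilities with optimal word correction algorithm (網頁弱點最佳化補強)
In this thesis we use code patching to correct harmful attack strings into harmless ordinary strings at minimum edit cost. The work has two phases. In the first phase, we use a security analysis tool, Stranger, to analyze the user's PHP source code, find the points where code injection is possible, and generate a security signature based on deterministic finite automata; this signature contains all acceptable harmless strings and can be used as an attack filter. In the second phase, we adopt an algorithm based on the shortest edit distance between a word and an automaton to correct attack strings at minimum cost; a harmful attack string is replaced by a harmless string with the fewest changes. We combine the proposed methods to test several web pages and report the experimental results. === The security problems of web application...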
Main Authors: | , |
---|---|
Language: | English |
Published: | National Chengchi University |
Subjects: | |
Online Access: | http://thesis.lib.nccu.edu.tw/cgi-bin/cdrfb3/gsweb.cgi?o=dstdcdr&i=sid=%22G0101356020%22. |
id |
ndltd-CHENGCHI-G0101356020 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-CHENGCHI-G0101356020 2014-07-30T03:33:36Z Patching web application vulnerabilities with optimal word correction algorithm (網頁弱點最佳化補強) 薛慶源 Shueh, Ching Yuan Network Security; Vulnerability Patching; Web Security; Patch Synthesis; Word Correction; Word Analysis National Chengchi University http://thesis.lib.nccu.edu.tw/cgi-bin/cdrfb3/gsweb.cgi?o=dstdcdr&i=sid=%22G0101356020%22. text English Copyright © nccu library on behalf of the copyright holders |
collection |
NDLTD |
language |
English |
sources |
NDLTD |
topic |
Network Security; Vulnerability Patching; Web Security; Patch Synthesis; Word Correction; Word Analysis |
description |
In this thesis we use code patching to correct harmful attack strings into harmless ordinary strings at minimum edit cost. The work has two phases. In the first phase, we use a security analysis tool, Stranger, to analyze the user's PHP source code, find the points where code injection is possible, and generate a security signature based on deterministic finite automata; this signature contains all acceptable harmless strings and can be used as an attack filter. In the second phase, we adopt an algorithm based on the shortest edit distance between a word and an automaton to correct attack strings at minimum cost; a harmful attack string is replaced by a harmless string with the fewest changes. We combine the proposed methods to test several web pages and report the experimental results.
===
The security problems of web applications are always questioned by, and of concern to, users because they can cause huge financial and privacy losses. We want to provide an online service that is open to public users, who can access it and upload their code to check for potential vulnerabilities. Moreover, if vulnerabilities exist and may cause damage, it will guide users step by step, in an easy way, on how they can edit their code.
In this paper, we propose an optimal word correction approach for patching string-related vulnerabilities in web applications. To be brief, we synthesize patches that sanitize malicious inputs to normal ones with the shortest edit distance. The analysis consists of two phases. First, we use an automata-based static string analysis technique called Stranger to detect vulnerabilities in web applications, and generate sanitization signatures that accept un-malicious inputs, as an input filter that ensures the vulnerabilities are not exploited with respect to given attack patterns. Second, we adopt shortest edit-distance algorithms between words and automata to find a minimum-cost way, in terms of edit distance, to patch malicious inputs. A malicious input (one not accepted by the sanitization signature) is replaced with an unmalicious string that has the minimum change of characters from the original input. We integrate the presented approach with Stranger and report the results of experiments on various web applications. |
author |
薛慶源 Shueh, Ching Yuan |
title |
Patching web application vulnerabilities with optimal word correction algorithm (網頁弱點最佳化補強) |
publisher |
National Chengchi University |
url |
http://thesis.lib.nccu.edu.tw/cgi-bin/cdrfb3/gsweb.cgi?o=dstdcdr&i=sid=%22G0101356020%22. |