|
UT Repository >
124 情報理工学系研究科 >
40 電子情報学専攻 >
1244025 修士論文(電子情報学専攻) >
Please use this identifier to cite or link to this item:
http://hdl.handle.net/2261/51738
|
| タイトル: | Dynamic Taint Propagation Based on Dynamic String Conversion Detection |
| その他のタイトル: | 動的な文字列変換の検出に基づくDTP |
| 著者: | Toi, Hiroshi |
| 著者(別言語): | 都井, 紘 |
| Issue Date: | 22-Mar-2012 |
| 抄録: | Currently, the security of web applications is faced with the threat of script injection attacks, such as cross-site scripting, and SQL injection. DTP (Dynamic Taint Propagation) has been established as a powerful technique for detecting script injection attacks, but current DTP systems suffer from a trade-off between false positives and false negatives. Therefore, Li et al. proposed an enhanced DTP system called SWIFT. SWIFT traces memory accesses, detects string operations, and only propagates tainted information under string operations. Although the basic idea of SWIFT is quite promising, they only showed a preliminary implementation on a simulator and failed to show advantage in accuracy over Raksha, which is one of the most sophisticated platform DTP systems. In this paper, we implement SWIFT to PHP interpreter to put SWIFT into practical use. Moreover, we succeeded to show that SWIFT has better propagation accuracy than Raksha in real-world web applications. |
| 内容記述: | 報告番号: ; 学位授与年月日: 2012-03-22 ; 学位の種別: 修士 ; 学位の種類: 修士(情報理工学) ; 学位記番号: ; 研究科・専攻: 情報理工学系研究科電子情報学専攻 |
| URI: | http://hdl.handle.net/2261/51738 |
| Appears in Collections: | 025 修士論文
1244025 修士論文(電子情報学専攻)
|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
|
