WEKO3
アイテム
Dynamic Taint Propagation Based on Dynamic String Conversion Detection
http://hdl.handle.net/2261/51738
http://hdl.handle.net/2261/517386b0eabab-401e-460c-acf1-293eff5d2a1a
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
48106425.pdf (559.4 kB)
|
|
| Item type | 学位論文 / Thesis or Dissertation(1) | |||||
|---|---|---|---|---|---|---|
| 公開日 | 2012-05-29 | |||||
| タイトル | ||||||
| タイトル | Dynamic Taint Propagation Based on Dynamic String Conversion Detection | |||||
| 言語 | ||||||
| 言語 | eng | |||||
| 資源タイプ | ||||||
| 資源 | http://purl.org/coar/resource_type/c_46ec | |||||
| タイプ | thesis | |||||
| その他のタイトル | ||||||
| その他のタイトル | 動的な文字列変換の検出に基づくDTP | |||||
| 著者 |
Toi, Hiroshi
× Toi, Hiroshi |
|||||
| 著者別名 | ||||||
| 識別子Scheme | WEKO | |||||
| 識別子 | 8203 | |||||
| 姓名 | 都井, 紘 | |||||
| 著者所属 | ||||||
| 著者所属 | 東京大学大学院情報理工学系研究科電子情報学専攻 | |||||
| 著者所属 | ||||||
| 著者所属 | Department of Information and Communication Engineering, Graduate School of Information Science and Technology, The University of Tokyo | |||||
| Abstract | ||||||
| 内容記述タイプ | Abstract | |||||
| 内容記述 | Currently, the security of web applications is faced with the threat of script injection attacks, such as cross-site scripting, and SQL injection. DTP (Dynamic Taint Propagation) has been established as a powerful technique for detecting script injection attacks, but current DTP systems suffer from a trade-off between false positives and false negatives. Therefore, Li et al. proposed an enhanced DTP system called SWIFT. SWIFT traces memory accesses, detects string operations, and only propagates tainted information under string operations. Although the basic idea of SWIFT is quite promising, they only showed a preliminary implementation on a simulator and failed to show advantage in accuracy over Raksha, which is one of the most sophisticated platform DTP systems. In this paper, we implement SWIFT to PHP interpreter to put SWIFT into practical use. Moreover, we succeeded to show that SWIFT has better propagation accuracy than Raksha in real-world web applications. | |||||
| 書誌情報 | 発行日 2012-03-22 | |||||
| 日本十進分類法 | ||||||
| 主題Scheme | NDC | |||||
| 主題 | 007 | |||||
| 学位名 | ||||||
| 学位名 | 修士(情報理工学) | |||||
| 学位 | ||||||
| 値 | master | |||||
| 研究科・専攻 | ||||||
| 情報理工学系研究科電子情報学専攻 | ||||||
| 学位授与年月日 | ||||||
| 学位授与年月日 | 2012-03-22 | |||||
