Research on HTML5-Based Web Platform Security Technology
Published: 2019-01-23 12:35
[Abstract]: HTML5 has become increasingly popular in Web applications because of its good support for mobile devices, cross-browser compatibility and ease of use. However, the rise of HTML5 has also brought security problems. Older forms of attack such as cross-site scripting (XSS), clickjacking and cross-site request forgery (CSRF) still exist in HTML5, and it also introduces new attack methods, such as API abuse, offline application cache poisoning and local storage attacks. As HTML5 grows more popular, the harm caused by its security vulnerabilities grows more serious, so the study of HTML5-based Web security and defense in this thesis is of real significance. This thesis studies and analyzes in detail cross-site scripting, currently the most important attack against HTML5, examines intrusion detection algorithms for XSS in depth, designs a defense model against XSS attacks, and implements a defense system. The main work is as follows: (1) An HTML5-based XSS attack defense model is proposed. The overall architecture of the model is designed; the defense model is divided into three parts (client, intrusion detection and server), and the working principle of each part is described in detail. (2) An XSS intrusion detection algorithm is studied and implemented. A string matching algorithm is used to detect XSS attacks, the common KMP algorithm is improved, and the improved algorithm is applied in the XSS defense system. (3) An HTML5-based XSS attack defense system is designed and implemented. The overall framework of the system is designed, the three main modules (the client defense module, the intrusion detection module and the server defense module) are designed in detail, and a concrete implementation scheme is given. (4) The XSS attack defense model is tested and evaluated. The evaluation shows that the proposed HTML5-based XSS attack defense model can meet the cross-site scripting defense requirements of general Web applications.
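[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08
Article number: 2413777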
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2413777.html