一种基于HTML5的安全跨文档消息传递方案
发布时间:2019-04-08 17:05
【摘要】:全面分析现有基于HTML5的跨文档消息机制的安全性,指出其中存在的安全风险,并在此基础上设计和实现了跨文档消息传递方案SafePM.SafePM引入消息安全规则白名单,通过双向检测机制实现对消息收发的完全控制,通过消息内容安全控制机制消除内容中的安全隐患.同时加入自动安全检测以及安全规则隐藏等机制,从而防止消息泄露和篡改,减少跨站脚本执行的风险,实现安全的跨文档消息传递.
[Abstract]:This paper analyzes the security of the existing cross-document message mechanism based on HTML5, points out the security risks existing in it, and designs and implements the cross-document messaging scheme SafePM.SafePM to introduce the message security rules whitelist. Two-way detection mechanism is used to realize complete control of message receiving and sending, and message content security control mechanism is used to eliminate the security hidden trouble in the content. At the same time, automatic security detection and security rule hiding are added in order to prevent message leakage and tamper, reduce the risk of execution of cross-site scripts, and realize secure cross-document message delivery.
【作者单位】: 中国科学院研究生院国家计算机网络入侵防范中心;
【基金】:国家自然科学基金(60970140)资助
【分类号】:TP393.08
[Abstract]:This paper analyzes the security of the existing cross-document message mechanism based on HTML5, points out the security risks existing in it, and designs and implements the cross-document messaging scheme SafePM.SafePM to introduce the message security rules whitelist. Two-way detection mechanism is used to realize complete control of message receiving and sending, and message content security control mechanism is used to eliminate the security hidden trouble in the content. At the same time, automatic security detection and security rule hiding are added in order to prevent message leakage and tamper, reduce the risk of execution of cross-site scripts, and realize secure cross-document message delivery.
【作者单位】: 中国科学院研究生院国家计算机网络入侵防范中心;
【基金】:国家自然科学基金(60970140)资助
【分类号】:TP393.08
【相似文献】
相关期刊论文 前10条
1 龙奇;;新一代网络技术标准HTML5的研究[J];科技信息;2011年10期
2 刘天寅;;HTML5与未来的WEB应用平台[J];阴山学刊(自然科学);2010年02期
3 顾e,
本文编号:2454759
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2454759.html
