检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:陈震杭 王张宜 彭国军[1] 夏志坚 CHEN Zhenhang;WANG Zhangyi;PENG Guojun;XIA Zhijian(Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan Hubei 430072, China;Baidu Inc., Beijing 100085, China)
机构地区:[1]空天信息安全与可信计算教育部重点实验室武汉大学国家网络安全学院,湖北武汉430072 [2]百度科技有限公司,北京100085
出 处:《信息网络安全》2018年第4期47-55,共9页Netinfo Security
基 金:国家自然科学基金[61332019;61202387;61373168];国家重点基础研究发展计划(973计划)[2014CB340600];NSFC-通用技术基础研究联合基金[U1636107]
摘 要:针对大部分Web应用在反序列化漏洞防护措施上存在不足,只能在漏洞公开后实行应急措施,无法应对未公开的漏洞攻击的问题,文章通过对PHP反序列化机制的研究,将PHP的敏感函数调用栈作为研究出发点,以Web应用正常运行时的函数调用栈作为判定依据,实现了一个基于敏感函数调用栈的未知反序列化漏洞动态检测与拦截系统。通过对4个PHPWeb应用的6个反序列化漏洞的实验测试可知,该系统可成功拦截当前所有PHP反序列化漏洞攻击,并能够提取或回溯漏洞攻击所构造的POP攻击链,实现零误报。系统平均性能消耗为3.67%。Most Web applications could not be able to defend the unknown PHP deserialization vulnerabilities attack. The common solution is making some emergency measures after the vulnerabilities have been disclosed. This article studies the PHP deserialization mechanism and takes the sensitive function call stack as a starting point for research. Taking the function call stack of Web application in normal running as the basis of judgment, this article implements an unknown PHP deserialization vulnerabilities dynamic detection and interception system based on the sensitive function call stack. Experimental tests of 6 deserialization vulnerabilities in 4 PHP Web applications show that the system can successfully intercept all current PHP deserialization vulnerabilities attacks and can extract or trace the POP attack chains constructed by the attacks. The system achieves zero false positives with an average performance cost of 3.67%.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.217.212.222