Design and Implementation of a Same-Origin Policy Testing Framework for Cookies in Modern Browsers  Cited by: 4

Framework for Sop Testing of Cookies in Modern Browser


Authors: LIANG Hao-zhe (梁浩喆), MA Jin (马进) [1,2], CHEN Xiu-zhen (陈秀真) [1,2], YANG Xiao (杨潇) [1] (School of Cyber Security, Shanghai Jiaotong University, Shanghai 200240, China; Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai 200240, China)

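Affiliations: [1] School of Cyber Security, Shanghai Jiaotong University, Shanghai 200240 [2] Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai 200240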

Source: Communications Technology (《通信技术》), 2019, Issue 12, pp. 3039-3045 (7 pages)

Abstract: Cookies are widely used in modern Web applications to store information, and protecting cookies is an important aspect of personal privacy protection in information security. It is generally assumed that writing and sending cookies follows the same-origin policy of Web documents. However, the origin of a cookie is not clearly defined, and there are many ways to trigger an HTTP request, so the rules for sending and writing cookies (that is, in which Web documents and by which means a given cookie can be sent) are also unclear. These ambiguities increase the risk of cookie leakage. To clarify these rules and reduce the risk of information leakage, the paper proposes a standardized way of describing cookie writing and sending rules and, based on the rules to be described, designs and implements a testing framework for the same-origin policy of cookies.

Keywords: cookie; same-origin policy; Web application; modern browser; HTML element

Classification code: TP393.408 [Automation and Computer Technology: Computer Application Technology]

 
