基于代码重写的动态污点分析  被引量:1

Dynamic taint analysis based on code rewriting

在线阅读下载全文

作  者:梁威 洪倩 Liang Wei;Hong Qian(Petersburg Aviation Institute,Zhongyuan University of Technology,Zhengzhou 450007,China;Jiangxi Fifth People's Hospital,Nanchang 330046,China)

机构地区:[1]中原工学院彼得堡航空学院,河南郑州450007 [2]江西省第五人民医院,江西南昌330046

出  处:《信息技术与网络安全》2022年第2期33-38,共6页Information Technology and Network Security

摘  要:当前,Web技术更新速度很快,JavaScript(JS)语言应用日益广泛,但同时也出现了许多安全风险,特别是现在的Web应用程序响应速度要求越来越高,更加剧了Web安全威胁。为此,研究了基于代码重写的动态JavaScript污点分析,借助重写JavaScript在代码运行过程中标记并跟踪敏感数据,检测数据泄漏并及时反馈。与传统动态污点分析方法不同,该方法无需依赖JS引擎,可以应用于各种浏览器,能高效精准地标记、跟踪、检测敏感数据泄露,提高Web安全性。At present,the update speed of Web technology is very fast,and JavaScript(JS)language is used more and more widely,at the same time,there are many security risks.In particular,the requirements for the response speed of Web applications are becoming higher and higher,which exacerbates the threat of Web security.Therefore,this paper studies the dynamic JavaScript taint analysis based on code rewriting,marks and tracks sensitive data during code operation with the help of rewriting JavaScript,detects data leakage and gives feedback in time.Different from the traditional dynamic taint analysis method,the proposed method does not need to rely on JS engine,can be applied to various browsers,can efficiently and accurately mark,track and detect sensitive data leakage,and improve Web security.

关 键 词:代码重写 JAVASCRIPT 动态污点 信息流分析 WEB安全 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象