HTML5应用程序缓存中毒攻击研究

贾岩; 王鹤; 吕少卿; 张玉清

doi:10.11959/j.issn.1000-436x.2016206

您当前的位置：

首页 >

文章列表页 >

HTML5应用程序缓存中毒攻击研究

学术论文 | 更新时间：2024-06-05

- HTML5应用程序缓存中毒攻击研究
- Research on HTML5 application cache poison attack
- 通信学报 2016年37卷第10期页码：149-157
- 作者机构：
  
  1. 西安电子科技大学综合业务网理论及关键技术国家重点实验室，陕西西安710071
  2. 中国科学院大学国家计算机网络入侵防范中心，北京 101408
- 作者简介：
  
  [ "贾岩（1992-），男，河北石家庄人，西安电子科技大学博士生，主要研究方向为网络与系统安全。" ]
  [ "王鹤（1987-），女，河南滑县人，博士，西安电子科技大学讲师，主要研究方向为信息系统安全与量子密码。" ]
  [ "吕少卿（1987-），男，山西五寨人，西安电子科技大学博士生，主要研究方向为在线社交网络安全。" ]
  [ "张玉清（1966-），男，陕西宝鸡人，博士，中国科学院大学教授、博士生导师，主要研究方向为网络与信息系统安全。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61272481);国家自然科学基金资助项目(61572460);教育部—中国移动科研基金资助项目(MCM20130431)
- DOI：10.11959/j.issn.1000-436x.2016206
  中图分类号： TP393.08
- 网络出版日期：2016-10，
  
  纸质出版日期：2016-10-25
- 稿件说明：
移动端阅览
贾岩, 王鹤, 吕少卿, 等. HTML5应用程序缓存中毒攻击研究[J]. 通信学报, 2016,37(10):149-157.

Yan JIA, He WANG, Shao-qing LYU, et al. Research on HTML5 application cache poison attack[J]. Journal on communications, 2016, 37(10): 149-157.
贾岩, 王鹤, 吕少卿, 等. HTML5应用程序缓存中毒攻击研究[J]. 通信学报, 2016,37(10):149-157. DOI： 10.11959/j.issn.1000-436x.2016206.

Yan JIA, He WANG, Shao-qing LYU, et al. Research on HTML5 application cache poison attack[J]. Journal on communications, 2016, 37(10): 149-157. DOI： 10.11959/j.issn.1000-436x.2016206.

摘要

HTML5应用程序缓存使浏览器可以离线地访问Web应用，同时也产生了新的缓存中毒攻击手段。首先，对应用程序缓存中毒攻击的原理及危害进行了分析，然后针对使用应用程序缓存的站点，首次提出了 2 次替换manifest文件的新式缓存中毒攻击方法RFTM。在RFTM攻击中，服务器端不会收到客户端发送的异常HTTP请求，故对服务器进行配置无法防范，攻击更具隐蔽性。最后设计了一套能有效防止此类攻击的应用层轻量级签名防御方案Sec-Cache。实验表明Sec-Cache防御方案能够有效地防御RFTM攻击，并有良好的性能与兼容性。

Abstract

HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache

a novel poisoning method RFTM (replace file twice method)

in which the attacker replaced the manifest file twice to poison the client’s AppCache

was proposed.Compared with the original attack

the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore

changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above

a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore

experiments show that it has good performance and compatibility.

关键词

Keywords

references

LEENHEER N . How well does your browser support HTML5 [EB/OL ] . http://html5test.com http://html5test.com .

KUPPAN L . Attacking with HTML5 [EB/OL ] . http://www.andlabs.org http://www.andlabs.org .

ZALEWSKI M . Geolocation spoofing and other UI woes [EB/OL ] . http://seclists.org/bugtraq/2010/Aug/201 http://seclists.org/bugtraq/2010/Aug/201 .

SON S , SHMATIKOV V . The postman always rings twice:attacking and defending postMessage in HTML5 Websites [C ] // NDSS . 2013 .

王晓强 . 基于HTML5的CSRF攻击与防御技术研究 [D ] . 成都:电子科技大学 , 2013 .

WANG X Q . Research of CSRF attack and defense techniques based on HTML5 [D ] . Chengdu:University of Electronic Science and Technology of China , 2013 .

KULSHRESTHA A . An empirical study of HTML5 websockets and their cross browser behavior for mixed content and untrusted certificates [J ] . International Journal of Computer Applications , 2013 , 82 ( 6 ): 13 - 18 .

JIN X , HU X , YING K , et al . Code injection attacks on HTML5-based mobile apps:characterization,detection and mitigation [C ] // ACM SIGSAC Conference on Computer ＆ Communications Security . 2014 : 66 - 77 .

GILGER J . Persistent AppCache injections [EB/OL ] . https://heipei.github.io/2015/08/20/Persistent-AppCache-Injections/ https://heipei.github.io/2015/08/20/Persistent-AppCache-Injections/ .

JIA Y , CHEN Y , DONG X . Man-in-the-browser-cache:persisting https attacks via browser cache poisoning [J ] . Computers ＆ Security , 2015 : 62 - 80 .

HANNA S , CHUL E , SHIN R , et al . The Emperor's new APIs:on the (in) secure usage of new client-side primitives [J ] . W2sp Web Security＆ Privacy , 2010 .

李潇宇 , 张玉清 , 刘奇旭 , 等 . 一种基于HTML5的安全跨文档消息传递方案 [J ] . 中国科学院大学学报 , 2013 , 30 ( 1 ): 124 - 130 .

LI X Y , ZHANG Y Q , LIU Q X , et al . Secure cross document messaging scheme based on HTML5 [J ] . Journal of Graduate University of Chinese Academy of Sciences , 2013 , 30 ( 1 ): 124 - 130 .

TIAN Y , LIU Y C , BHOSALE A , et al . All your screens are belong to us:attacks exploiting the HTMl5 screen sharing API [C ] // Proceedings of the 2014 IEEE Symposium on Security and Privacy,IEEE Computer Society . 2014 : 34 - 48 .

HEIDERICH M , FROSCH T , JENSEN M , et al . Crouching tiger hidden payload:security risks of scalable vectors graphics [C ] // Proceedings of the 18th ACM Conference on Computer and Communications Security . 2011 : 239 - 250 .

JOHNS M , LEKIES S , STOCK B . Eradicating DNS rebinding with the extended same-origin policy [C ] // Usenix Conference on Security . 2013 : 621 - 636 .

LEE S , KIM H , KIM J . Identifying cross-origin resource status using application cache [C ] // Proc NDSS ’15 . 2015 .

HOMAKOV E . Using AppCache and service worker for evil [EB/OL ] . http://sakurity.com/blog/2015/08/13/middlekit.html http://sakurity.com/blog/2015/08/13/middlekit.html .

W3C . W3C.Offline Web applications-HTML5 [EB/OL ] . https://www.w3.org/TR/html5/browsers.html#offline https://www.w3.org/TR/html5/browsers.html#offline .

VALLENTIN M , BEN-DAVID Y . Persistent browser cache poisoning [R/OL ] . http://eecs.berkeley.edu/~yahel/papers/Browser-Cache-Poisoni ng.Song.Spring10.attack-project.pdf http://eecs.berkeley.edu/~yahel/papers/Browser-Cache-Poisoni ng.Song.Spring10.attack-project.pdf .

WALIULLAH M , GAN D . Wireless LAN security threats ＆ vulnerabilities:a literature review [J ] . International Journal of Advanced Computer Science ＆ Application , 2014 , 5 ( 1 ): 176 - 181 .

LAVA . Shell of the future:reverse web shell handler for XSS exploitation [EB/OL ] . http://www.andlabs.org/tools/sotf/sotf.html http://www.andlabs.org/tools/sotf/sotf.html .

LAVA . HTML5 based JavaScript network reconnaissance tool [EB/OL ] . http://www.andlabs.org/tools/jsrecon.html http://www.andlabs.org/tools/jsrecon.html .

MARLINSPIKE M . A tool for exploiting moxie marlinspike's SSL"stripping"Attack [EB/OL ] . https://github.com/ moxie0/sslstrip https://github.com/ moxie0/sslstrip .

Internet Engineering Task Force . HTTP strict transport security (HSTS) [S/OL ] . https://tools.ietf.org/html/ rfc6797 https://tools.ietf.org/html/ rfc6797 .

浏览量

1359

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向网络环境的SQL注入行为检测方法