repository
A ROBUST DEFENCE AGAINST CONTENT-SNIFFING XSS ATTACKS
- Alternative Title
- 콘텐츠 스니핑을 통한 크로스사이트 스크립팅 공격의 방어 기법
- Author(s)
- Tadesse, Misganaw
- Advisor
- 이경석
- Department
- 일반대학원 컴퓨터공학과
- Publisher
- The Graduate School, Ajou University
- Publication Year
- 2010-08
- Language
- eng
- Keyword
- Computer Engineering
- Alternative Abstract
- Many Web sites such as MySpace, Facebook and Twitter allow their users to upload files. However when a Web sites Content- Sniffing algorithm differs from a browsers Content- Sniffing algorithm, an attacker can often mount a Content-Sniffing XSS attack on the visitor. That is, by carefully embedding HTML code containing malicious script into a non-HTML file and uploading this file to the Web site, an attacker can deceive the visitors browser into assuming the file as HTML file and run the script code. However Content- Sniffing XSS attack can be avoided if files uploaded on the server are checked for HTML codes. In this paper we implemented a server-side ingress filter that aims to protect vulnerable browsers which may treat non-HTML files as HTML files. Our filter examines user-uploaded files against a set of potentially dangerous HTML elements (a set of regular expressions). The results of our experiment show that our automata-based scheme is highly efficient and more accurate than existing signature-based approach.
- Fulltext
- Appears in Collections:
- Graduate School of Ajou University > Department of Computer Engineering > 3. Theses(Master)
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
-
- License
- STATISTICS
- Total Visit :2,964,368
- Total Download :1,695
- Today View :10,754
