repository
A ROBUST DEFENCE AGAINST CONTENT-SNIFFING XSS ATTACKS
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 이경석 | - |
| dc.contributor.author | Tadesse, Misganaw | - |
| dc.date.accessioned | 2018-11-08T07:59:39Z | - |
| dc.date.available | 2018-11-08T07:59:39Z | - |
| dc.date.issued | 2010-08 | - |
| dc.identifier.other | 10972 | - |
| dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/9533 | - |
| dc.description | 학위논문(석사)--아주대학교 일반대학원 :컴퓨터공학과,2010. 8 | - |
| dc.description.tableofcontents | 1.Introduction 1 1.1 Purpose of Research 2 1.2 Contents and Method of Research 4 2 Related Work 7 3 Attack Example 11 4 Proposed Scheme 16 5 Analysis of the Proposed Scheme 23 5.1 False Positive 23 5.2 False Negative 24 5.3 Time Overhead 25 6.Conclusion and future work 26 | - |
| dc.language.iso | eng | - |
| dc.publisher | The Graduate School, Ajou University | - |
| dc.rights | 아주대학교 논문은 저작권에 의해 보호받습니다. | - |
| dc.title | A ROBUST DEFENCE AGAINST CONTENT-SNIFFING XSS ATTACKS | - |
| dc.title.alternative | 콘텐츠 스니핑을 통한 크로스사이트 스크립팅 공격의 방어 기법 | - |
| dc.type | Thesis | - |
| dc.contributor.affiliation | 아주대학교 일반대학원 | - |
| dc.contributor.department | 일반대학원 컴퓨터공학과 | - |
| dc.date.awarded | 2010. 8 | - |
| dc.description.degree | Master | - |
| dc.identifier.localId | 568904 | - |
| dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000010972 | - |
| dc.subject.keyword | Computer Engineering | - |
| dc.description.alternativeAbstract | Many Web sites such as MySpace, Facebook and Twitter allow their users to upload files. However when a Web sites Content- Sniffing algorithm differs from a browsers Content- Sniffing algorithm, an attacker can often mount a Content-Sniffing XSS attack on the visitor. That is, by carefully embedding HTML code containing malicious script into a non-HTML file and uploading this file to the Web site, an attacker can deceive the visitors browser into assuming the file as HTML file and run the script code. However Content- Sniffing XSS attack can be avoided if files uploaded on the server are checked for HTML codes. In this paper we implemented a server-side ingress filter that aims to protect vulnerable browsers which may treat non-HTML files as HTML files. Our filter examines user-uploaded files against a set of potentially dangerous HTML elements (a set of regular expressions). The results of our experiment show that our automata-based scheme is highly efficient and more accurate than existing signature-based approach. | - |
- Appears in Collections:
- Graduate School of Ajou University > Department of Computer Engineering > 3. Theses(Master)
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
-
- License
- STATISTICS
- Total Visit :3,549,661
- Total Download :1,795
- Today View :12,026
