电信科学 (Telecommunications Science) ›› 2020, Vol. 36 ›› Issue (11): 113-120. doi: 10.11959/j.issn.1000-0801.2020294

• Column: Information Security

Web security detection method based on RASP (基于RASP的Web安全检测方法)

余航 (Hang YU), 王帅 (Shuai WANG), 金华敏 (Huamin JIN)

  1. Research Institute of China Telecom Co., Ltd., Guangzhou 510630, Guangdong, China
  • Revised: 2020-11-10 Online: 2020-11-20 Published: 2020-12-09
  • About the authors: YU Hang (1997- ), male, engineer at the Research Institute of China Telecom Co., Ltd.; main research interests: network security, offensive and defensive security | WANG Shuai (1979- ), female, senior engineer at the Research Institute of China Telecom Co., Ltd.; main research interests: network security, offensive and defensive security | JIN Huamin (1972- ), male, senior engineer at the Research Institute of China Telecom Co., Ltd.; main research interests: IP networks, cloud computing, big data security, network security

RASP based Web security detection method

Hang YU,Shuai WANG,Huamin JIN   

  1. Research Institute of China Telecom Co.,Ltd.,Guangzhou 510630,China
  • Revised:2020-11-10 Online:2020-11-20 Published:2020-12-09

Abstract (translated from the Chinese):

At present, traditional Web security detection methods act at the input and output boundaries of the program. They cannot defend against malicious code that has been transformed and obfuscated to bypass detection and then executes inside the program, and they struggle to meet the new security protection requirements of current Web applications. Based on an in-depth analysis of the risks of traditional data-flow monitoring methods, combined with the technical characteristics of RASP, this paper proposes a RASP-based Web security detection method: RASP probes are embedded inside the Web application at the parameters of privilege-check functions, system command execution functions and database operation functions, and changes in the data flow are detected in real time at the code interpreter level. The method was implemented in Java, and laboratory experiments show that it outperforms traditional Web security detection methods in both accuracy and detection time. Finally, deployment and application scenarios for the method are analysed and proposed.

Keywords: Web application, network security, RASP, security monitoring

Abstract:

At present, the traditional Web security detection methods act on the input and output of the program, which cannot prevent malicious code from entering the program after being transformed and obfuscated, and it is difficult to meet the new requirements of Web application security protection. Based on the in-depth analysis of the risk of traditional data flow monitoring methods, combined with the technical characteristics of RASP, a Web security detection method based on RASP was proposed. The RASP probe was embedded in the parameters of the authority discrimination function, system command execution function and database operation function in the Web application, and the change of data flow was detected in real time at the code interpreter level. This method was implemented based on the Java language. It was proved in the laboratory that this method is better than the traditional Web security detection method in accuracy and detection time. Finally, the deployment and application scenarios of this method were analyzed and proposed.

Key words: Web application, network security, RASP, security monitoring
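The abstract's central point, an input-side filter that misses an encoded payload while a probe at the command-execution parameter sees the decoded value, as an added example that is not the paper's code: Python runtime hooking of `subprocess.Popen` stands in for the paper's Java-level instrumentation, covers only the command-execution sink (not the privilege-check or database sinks), and uses constructed sample inputs and a constructed metacharacter policy.

```python
import base64
import re
import subprocess

# Shell metacharacters; the same rule is applied at the input boundary and at the sink.
SHELL_META = re.compile(r"[;&|`$]")

# Constructed sample inputs: the application expects a base64-encoded file name,
# so an input-side filter only ever sees base64 text.
BENIGN_INPUT = base64.b64encode(b"report.txt").decode()
OBFUSCATED_INPUT = base64.b64encode(b"report.txt; echo injected").decode()

class RaspBlocked(RuntimeError):
    """Raised by the sink probe when a parameter violates the policy."""

def boundary_filter(raw_value: str) -> bool:
    """Traditional input-side check: inspects the raw request value only."""
    return SHELL_META.search(raw_value) is None

def command_probe(args, shell: bool) -> None:
    """Sink-side probe: inspects the argument exactly as the process spawner receives it."""
    cmd = args if isinstance(args, str) else " ".join(args)
    if shell and SHELL_META.search(cmd):
        raise RaspBlocked(f"shell metacharacter reached command sink: {cmd!r}")

def install_probe() -> None:
    """Hook the process-spawn constructor so every execution passes through the probe;
    runtime patching here stands in for the paper's Java-level instrumentation."""
    original_init = subprocess.Popen.__init__

    def hooked_init(self, args, *rest, **kwargs):
        command_probe(args, kwargs.get("shell", False))
        original_init(self, args, *rest, **kwargs)

    subprocess.Popen.__init__ = hooked_init

def handle_request(encoded_name: str) -> str:
    """Application handler: the boundary check sees the encoded value, the program
    decodes it internally, and only the command sink sees the decoded value."""
    if not boundary_filter(encoded_name):
        return "rejected-at-boundary"
    name = base64.b64decode(encoded_name).decode()
    try:
        subprocess.run("echo " + name, shell=True, capture_output=True, check=False)
    except RaspBlocked:
        return "blocked-at-sink"
    return "executed"

install_probe()
```

The obfuscated input passes `boundary_filter` because base64 text contains no metacharacters, yet `handle_request` reports `blocked-at-sink` once the decoded string reaches the hooked spawner.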
