通信学报 ›› 2016, Vol. 37 ›› Issue (10): 149-157.doi: 10.11959/j.issn.1000-436x.2016206

• 学术论文 • 上一篇    下一篇

HTML5应用程序缓存中毒攻击研究

贾岩1,王鹤1,吕少卿1,张玉清1,2   

  1. 1 西安电子科技大学综合业务网理论及关键技术国家重点实验室,陕西 西安710071
    2 中国科学院大学国家计算机网络入侵防范中心,北京 101408
  • 出版日期:2016-10-25 发布日期:2016-10-25
  • 基金资助:
    国家自然科学基金资助项目;国家自然科学基金资助项目;教育部—中国移动科研基金资助项目

Research on HTML5 application cache poison attack

Yan JIA1,He WANG1,Shao-qing LYU1,Yu-qing ZHANG1,2   

  1. 1 Information Security Research Center of State Key Laboratory of Integrated Services Networks,Xidian University,Xi'an 710071,China
    2 National Computer Network Intrusion Protection Center,University of Chinese Academy of Sciences,Beijing 101408,China
  • Online:2016-10-25 Published:2016-10-25
  • Supported by:
    The National Natural Science Foundation of China;The National Natural Science Foundation of China;Research Fund of Ministry of Education?China Mobile

摘要:

HTML5应用程序缓存使浏览器可以离线地访问Web应用,同时也产生了新的缓存中毒攻击手段。首先,对应用程序缓存中毒攻击的原理及危害进行了分析,然后针对使用应用程序缓存的站点,首次提出了 2 次替换manifest文件的新式缓存中毒攻击方法RFTM。在RFTM攻击中,服务器端不会收到客户端发送的异常HTTP请求,故对服务器进行配置无法防范,攻击更具隐蔽性。最后设计了一套能有效防止此类攻击的应用层轻量级签名防御方案Sec-Cache。实验表明Sec-Cache防御方案能够有效地防御RFTM攻击,并有良好的性能与兼容性。

关键词: Web安全, HTML5, 应用程序缓存, 缓存中毒攻击, 签名方案

Abstract:

HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility.

Key words: Web security, HTML5, application cache, cache poisoning attack, signature scheme

No Suggested Reading articles found!