Research on SSTI attack defense technology based on instruction set randomization

Authors
Wang, Jiang [1]
Zhang, Zheng [1]
Ma, Bolin [1]
Yao, Yuan [1]
Ji, Xinsheng [2]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou, Peoples R China
[2] Informat Engn Univ, Zhengzhou, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program;
Keywords
SSTI; injection; template engine;
DOI
10.1145/3469213.3471315
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
With the rapid development of the Internet industry, and because scripting languages such as Python, PHP, and Ruby have the characteristics of rapid development and easy learning, they are often used in the development of application programs. Template engine technology can realize the separation of front and back ends in the development process, so it is often used in the development process. However, if the developer does not perform strict filtering during the development process of the template engine, an attacker can use the vulnerability to launch a server-side template injection (SSTI) attack. Current defense methods are too passive because they rely on the detection rate and the prior knowledge of the attacker, so an SSTI defense technology based on randomization technology is proposed.
Pages: 5
Related papers
  • [1] XSS Attack Detection and Prevention System Based on Instruction Set Randomization
    Wang, Qijin
    Huang, Jun
    Qi, Xiaoxia
    2019 INTERNATIONAL CONFERENCE ON ADVANCED ELECTRONIC MATERIALS, COMPUTERS AND MATERIALS ENGINEERING (AEMCME 2019), 2019, 563
  • [2] Research on Network Attack and Defense Based on Artificial Intelligence Technology
    Li, Mingxuan
    Yang, Zhushi
    Zhong, Jinsong
    He, Ling
    Teng, Yangxin
    PROCEEDINGS OF 2020 IEEE 4TH INFORMATION TECHNOLOGY, NETWORKING, ELECTRONIC AND AUTOMATION CONTROL CONFERENCE (ITNEC 2020), 2020, : 2532 - 2534
  • [3] Research of ROP attack and defense technology based on ARM architecture
    Cai, Qi
    Guo, Jingbo
    PROCEEDINGS OF THE 2016 4TH INTERNATIONAL CONFERENCE ON ELECTRICAL & ELECTRONICS ENGINEERING AND COMPUTER SCIENCE (ICEEECS 2016), 2016, 50 : 1041 - 1046
  • [4] Reviving Instruction Set Randomization
    Sinha, Kanad
    Kemerlis, Vasileios P.
    Sethumadhavan, Simha
    2017 IEEE INTERNATIONAL SYMPOSIUM ON HARDWARE ORIENTED SECURITY AND TRUST (HOST), 2017, : 21 - 28
  • [5] Research of LAN Security Attack and Defense Technology
    Peng, Ying
    Wang, Rongfu
    PROCEEDINGS OF THE 2016 2ND WORKSHOP ON ADVANCED RESEARCH AND TECHNOLOGY IN INDUSTRY APPLICATIONS, 2016, 81 : 239 - 242
  • [6] Research on Attack-defense Technology Based on Web Server Side
    Gao, He
    Shi, Yijie
    Gao, Yan
    Zhang, Qiuyu
    PROCEEDINGS OF THE 2015 3RD INTERNATIONAL CONFERENCE ON MACHINERY, MATERIALS AND INFORMATION TECHNOLOGY APPLICATIONS, 2015, 35 : 1684 - 1688
  • [7] Research and implementation of network attack and defense countermeasure technology based on artificial intelligence technology
    Shu, Fei
    Chen, ShuTing
    Li, Feng
    Zhang, JianYe
    Chen, Jia
    PROCEEDINGS OF 2020 IEEE 5TH INFORMATION TECHNOLOGY AND MECHATRONICS ENGINEERING CONFERENCE (ITOEC 2020), 2020, : 475 - 478
  • [8] Research and Application of APT Attack Defense and Detection Technology Based on Big Data Technology
    Liu, Donglan
    Zhang, Hao
    Yu, Hao
    Liu, Xin
    Zhao, Yong
    Lv, Guodong
    PROCEEDINGS OF 2019 IEEE 9TH INTERNATIONAL CONFERENCE ON ELECTRONICS INFORMATION AND EMERGENCY COMMUNICATION (ICEIEC 2019), 2019, : 701 - 704
  • [9] On Architectural Support for Instruction Set Randomization
    Christou, George
    Vasiliadis, Giorgos
    Papaefstathiou, Vassilis
    Papadogiannakis, Antonis
    Ioannidis, Sotiris
    ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION, 2020, 17 (04)
  • [10] The Research and Application of the NDP Protocol Vulnerability Attack and the Defense Technology Based on SEND
    Xi, Huixing
    MATERIALS SCIENCE, ENERGY TECHNOLOGY, AND POWER ENGINEERING I, 2017, 1839