Research on SSTI attack defense technology based on instruction set randomization

Cited by: 0
Authors
Wang, Jiang [1]
Zhang, Zheng [1]
Ma, Bolin [1]
Yao, Yuan [1]
Ji, Xinsheng [2]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou, Peoples R China
[2] Informat Engn Univ, Zhengzhou, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China
Keywords
SSTI; injection; template engine;
DOI
10.1145/3469213.3471315
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
With the rapid development of the Internet industry, scripting languages such as Python, PHP and Ruby are often used in application development because they support rapid development and are easy to learn. Template engine technology can separate the front end from the back end during development, so it is often used in the development process. However, if the developer does not perform strict filtering during the development process of the template engine, an attacker can use the vulnerability to launch a server-side template injection (SSTI) attack. Current defense methods are too passive because they rely on the detection rate and on prior knowledge of the attacker, so an SSTI defense technology based on randomization technology is proposed.
Pages: 5