Proposal and Evaluation of Web Access Control System Request Policy Framework for Cooperation of DNS and a Web Browser

Takashi Uemura 1,a)  Yusuke Kosuda 2  Ryoichi Sasaki 1

Received: November 30, 2011, Accepted: June 1, 2012

Abstract: The drive-by download attack technique such as Gumblar, which compromises websites by infecting them with a virus and directing operations, has been increasing rapidly in recent years. Existing measures that detect dangerous scripts in a Web browser cannot protect against all of the attacks, because it is difficult for everyone to find dangerous scripts. Therefore, the authors devised a mechanism named RPF (Request Policy Framework) that uses a highly accurate whitelist obtained by a Web browser cooperating with the DNS server. This paper reports the detailed mechanism of RPF, the prototype program, evaluation results of its function and performance, and a consideration of the coverage provided by RPF.

Keywords: access control and authentication, Web security, Gumblar, DNS

1 Tokyo Denki University, Adachi, Tokyo 120-8551, Japan
2 NEC Soft Ltd, Koto, Tokyo 136-0082, Japan
a) uemura@isl.im.dendai.ac.jp

c 2012 Information Processing Society of Japan 2107

[Only figure and table captions, citations and English fragments of the body survived extraction; they follow in page order.]

Section 1 fragments: Web, Gumblar, Drive-by download; Fig. 1 steps (1-a), (1-b), (2), (3-a).

Fig. 1 Flow of Gumblar attack. (Steps (3-b), (4) PC and (5) also appear in the figure.)

Fig. 2 Example of operation based on RequestPolicy.

Section 1 fragments (continued): IP, false positive, false negative, Request Policy Framework; the remainder of the paper is organised as Sections 2 to 6.

Section 2.1 fragments: (1) NoScript [1] for Firefox; .htaccess; Gumblar. (2) RequestPolicy [2] for Firefox, which controls img, script and iframe requests; Fig. 2: www.example.co.jp with requests to ads.example.com and mal.example.net.

Section 2.1 fragments (continued): RequestPolicy, NoScript, Web API. (3) gred [3], Gumblar Watch [4].

Section 2.2 fragments: (1) Web Page Inspection (WPI) [5]: false negative 0%, false positive 3.53%. (2) [6]: 3.33%. (3) [7]: script, iframe. (4) [8]: Gumblar.

Section 2.3 fragments: (1)

(2) (3) NoScript, Gumblar, RequestPolicy. (4)

Section 3.1 fragments: RequestPolicy; Fig. 2; Gumblar.

Section 3.2 fragments: RequestPolicy and DNS. Sender Policy Framework (SPF), RFC 4408 [9]: the permitted IP addresses (A RR) are published in a DNS TXT record *1; RequestPolicy's whitelist is likewise to be published in a DNS TXT record of the Web site's domain. *1: DNS SPF RR (footnote text not recovered).

Fig. 3 Basic format of RPF information.

Section 3.3 fragments: Request Policy Framework (RPF) combines RequestPolicy with the Sender Policy Framework idea: the Web site's whitelist is published in a DNS TXT record in SPF-like format (Fig. 3), and the browser (Firefox) looks it up via DNS; Gumblar. Record terms: "+dn:" followed by a permitted Web site domain, and "-all" for every other destination.

Fig. 4 Mechanism for Web access under RPF environment.

Section 3.4 fragments: in the Fig. 4 example the RPF record of www.example.co.jp carries "+dn:" entries for a3.example.co.jp and ads.example.com, so a request to mal.example.net falls under "-all". RPF applies to img, script and iframe requests; Gumblar, .htaccess.

Section 3.5 fragments: Request Policy Framework, RPF.
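Added example (not the paper's code) of how a browser-side check of the kind described in Sections 3.3 and 3.4 could be evaluated: the TXT records are constructed inline in place of a DNS lookup, and the record syntax ("+dn:<host>" terms with a closing "-all", exact host match) is an assumption reconstructed from the fragments above.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed stand-in for the DNS TXT lookup the browser add-on would perform:
# page domain -> RPF record (record syntax is an assumption, modelled on SPF).
RPF_RECORDS = {
    "www.example.co.jp": "+dn:a3.example.co.jp +dn:ads.example.com -all",
    "www.example.org": "-all",  # site that permits no cross-domain loads at all
}

# Element types the paper's prototype subjects to the whitelist.
CONTROLLED_TAGS = {"img", "script", "iframe"}


@dataclass(frozen=True)
class RpfPolicy:
    allowed: frozenset  # hosts named by +dn: terms
    deny_rest: bool     # True when the record carries -all


def parse_rpf(record: str) -> RpfPolicy:
    """Parse an RPF record; unknown terms are rejected rather than ignored."""
    allowed, deny_rest = set(), False
    for term in record.lower().split():
        if term.startswith("+dn:") and len(term) > 4:
            allowed.add(term[4:])
        elif term == "-all":
            deny_rest = True
        else:
            raise ValueError(f"unknown RPF term: {term}")
    return RpfPolicy(frozenset(allowed), deny_rest)


def check_request(page_url: str, tag: str, target_url: str,
                  records: dict = RPF_RECORDS) -> tuple:
    """Return (allowed, reason) for a <tag> on page_url loading target_url."""
    page_host = urlsplit(page_url).hostname
    target_host = urlsplit(target_url).hostname
    if tag not in CONTROLLED_TAGS or target_host in (None, page_host):
        return True, "same-origin or uncontrolled element"
    record = records.get(page_host)
    if record is None:  # site has not deployed RPF: nothing to enforce
        return True, "no RPF record published for this site"
    policy = parse_rpf(record)
    if target_host in policy.allowed:
        return True, f"{target_host} is listed by +dn:"
    if policy.deny_rest:
        return False, f"{target_host} is not whitelisted; -all applies"
    return True, "record has no -all term; request not restricted"
```

With the Fig. 4 data, a script from a3.example.co.jp or an image from ads.example.com is loaded, while an iframe from mal.example.net is refused under "-all".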

Section 3.5 fragments (continued): RPF, DNS.

Section 3.6 fragments: RPF, Gumblar.

Section 4.1 fragments: the RPF prototype extends the RequestPolicy add-on for Mozilla Firefox version 8.0.1 (JavaScript, CSS, XPCOM, XUL); RPF DNS lookup.

Section 4.2 fragments: RPF, Flash, RequestPolicy, Firefox; Fig. 5, Fig. 6, Fig. 7.

Fig. 5 List of cross-domain requests.

Fig. 6 Method for permission of destination domain.

Fig. 7 Method for copy of destination domain.

Fig. 8 RPF information for experiments.

Fig. 9 Items for operation check experiments.

Section 4.2 fragments (continued): RPF, Flash *2.

Section 5.1 fragments: RPF information for the experiments (Fig. 8) published in DNS TXT records; test pages with img elements loaded from YouTube; check items in Fig. 9; RPF vs RequestPolicy. *2: SPF "include" term, ip4/ip6 terms, YouTube, RPF (footnote text not recovered).

Section 5.2 fragments: 4.2, [10].

Table 1 Experimental result for support function.

Table 2 Result of speed measurement.

Table 3 Relationships between domains and Web sites.

Section 5.2 fragments (continued): Yahoo! JAPAN, 3 Web sites, DNS; Table 1; 5.1; iframe, RPF.

Section 5.3 fragments: RPF DNS; 5.2; Firefox with RPF vs RequestPolicy, 10, Table 2, 9%; Table 3.

Section 5.4 fragments: RPF, img, script, iframe.

Fig. 10 Ratio on type of damages.

Section 5.4 fragments (continued): Gumblar damage statistics [11], Fig. 10; SSL, Same Origin Policy [12], [13].

Section 6.1 fragments: DNS, RPF; DNS source port randomization, DNSSEC [14].

Section 6.2 fragments: DNS TTL (Time To Live) of the RPF TXT record: 3,600 (1 hour) and 86,400 (1 day).

Section 6.3 fragments: DNS services [15], [16].

Section 7 fragments: Gumblar, Drive-by download, DNS, Request Policy Framework (RPF).

Section 7 fragments (continued): RPF, DNS.

References
[1] Mozilla Corporation: NoScript, Add-ons for Firefox, https://addons.mozilla.org/ja/firefox/addon/noscript/ (accessed 2012-03-26).
[2] Samuel, J. and Zhang, B.: RequestPolicy: Increasing Web Browsing Privacy through Control of Cross-Site Requests, Proc. Privacy Enhancing Technologies Symposium, Vol.5672, pp.128-142 (2009).
[3] gred, http://www.securebrain.co.jp/products/gred/index.html (accessed 2011-11-25).
[4] at+link: Gumblar Watch, http://www.at-link.ad.jp/topics/news/news-20100225.html (accessed 2011-11-25).
[5] Chia-Mei, C., Wan-Yi, T. and Hsiao-Chung, L.: Anomaly Behavior Analysis for Web Page Inspection, Proc. 2009 1st International Conference on Networks & Communications (NETCOM '09), pp.358-363 (2009).
[6] CSEC, Vol.2011-CSEC-54, No.32, pp.1-6 (2011).
[7] CSEC, Vol.2010-CSEC-48, No.9, pp.1-7 (2010).
[8] CSEC, Vol.2011-CSEC-52, No.53, pp.1-6 (2011).
[9] Internet Engineering Task Force (IETF): Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1, RFC 4408, http://www.ietf.org/rfc/rfc4408.txt (accessed 2011-11-28).
[10] 500 sites list, http://akimoto.jp/japan/ (accessed 2012-03-17).
[11] gred Report Vol.7, Gumblar (2010), http://www.securebrain.co.jp/about/news/2010/02/gred-report7.html (accessed 2012-03-08).
[12] Same-Origin, http://gihyo.jp/dev/serial/01/web20sec/0002 (accessed 2012-03-08).
[13] SSL, http://takagihiromitsu.jp/diary/20100501.html (accessed 2012-03-08).
[14] DNSSEC, http://venus.gr.jp/opf-jp/opm15/jpopm15-08.pdf (accessed 2011-11-11).
[15] http://support.sakura.ad.jp/manual/dom/zone.html (accessed 2012-03-21).
[16] WebARENA DNS, http://web.arena.ne.jp/suitex/spec/domain/dns.html (accessed 2012-03-21).