


The copyright of this material is retained by the Information Processing Society of Japan (IPSJ). The material has been made available on the website


Transcription:

Vol. 3 No. 4 16-26 (Sep. 2010)

1 2 Ajax Ajax JavaScript JavaScript SCvanisher SCvanisher JavaScript JavaScript JavaScript SCvanisher JavaScript JavaScript

Hiding Source Code of Web Application on Client Browser

Takahiro Orito 1 and Hideya Iwasaki 2

Recently, web applications that use JavaScript have become very popular. Developers of such applications cannot avoid publishing JavaScript source code, because the code has to be sent from the web server to the client to be executed on the client's browser. This causes two problems. First, the source code could be stolen by another developer. Second, if the application has a security hole, attackers could easily find out its vulnerability. In this paper, we propose SCvanisher, a mechanism that hides the source code of a web application from the clients. SCvanisher executes the original JavaScript code of the application on the web server, and sends the resultant web page, which does not include the original code, to the client. It achieves interactive behavior of a web application, such as text input, by making both server and client sides cooperate. By using SCvanisher, the developer can easily describe JavaScript code without being annoyed with hiding its source code.

1. JavaScript Ajax Asynchronous JavaScript and XML Ajax JavaScript Ajax JavaScript JavaScript JavaScript JavaScript Google Maps Google Maps JavaScript 1

1 Graduate School of Electro-Communications, The University of Electro-Communications
2 Graduate School of Informatics and Engineering, The University of Electro-Communications

© 2010 Information Processing Society of Japan

17 1 JavaScript JavaScript SCvanisher SCvanisher JavaScript SCvanisher JavaScript SCvanisher JavaScript JavaScript SCvanisher JavaScript HTML SCvanisher JavaScript JavaScript 1 2 3 SCvanisher 4 5 SCvanisher 6 1 SCvanisher SCvanisher 2. 2 2.1 Dotfuscator 1) Microsoft.NET Framework SHTML 2) HTML JavaScript 3) 4) 5) SHTML

18 JavaScript JavaScript 6) 2.2 bruby 7) Exerb 8) JavaScript Ruby Ruby bruby Exerb Windows 9) Jaxer 10) 1 JavaScript Jaxer Jaxer JavaScript Jaxer 3. 3.1 JavaScript JavaScript JavaScript JavaScript JavaScript 3.2 JavaScript SCvanisher 1 JavaScript 1 1 JavaScript DOM HTML JavaScript DOM JavaScript SCvanisher Firefox JavaScript JavaScript

19 DOM JavaScript SCvanisher Telnet Telnet Firefox MozRepl DOM Telnet MozRepl 3.4 Firefox MozRepl MozRepl Telnet 1 SCvanisher 1 Firefox MozRepl SCvanisher HTML script JavaScript HTML JavaScript JavaScript HTML SCvanisher VNC Virtual Network Computing VNC JavaScript VNC 3.3 SCvanisher 1 SCvanisher JavaScript 1 SCvanisher Fig. 1 Outline of operations of SCvanisher. 2 SCvanisher Fig. 2 Overall structure of SCvanisher. SCvanisher 2 JavaScript JavaScript 3

20 JavaScript JavaScript JavaScript HTML JavaScript JavaScript 3.4 SCvanisher 3.4.1 JavaScript JavaScript 4 JavaScript JavaScript HTML 3.2 Firefox MozRepl JavaScript Telnet MozRepl Telnet IP Telnet Firefox JavaScript Firefox SCvanisher Firefox 3.4.2 Ajax SCvanisher 2 ID JavaScript JavaScript JavaScript JavaScript JavaScript JavaScript JavaScript JavaScript HTML div 11) 3.4.3 2 JavaScript JavaScript Perl CGI Telnet DOM JavaScript Firefox id Firefox

21 3 Fig. 3 Conversion example by relay part. Telnet JavaScript JavaScript Firefox HTML Telnet HTML 3 3 JavaScript SCvanisher HTML 1 JavaScript JavaScript JavaScript JavaScript 1 Table 1 Conversion rule in relay part. script noscript input select etc a href img src etc 3 3 sendiptval id runjsfunc sendiptval runjsfunc 3.3

22 SCvanisher HTML 3.4.4 SCvanisher JavaScript HTML SCvanisher 4. 4.1 SCvanisher SCvanisher ID Ajax JavaScript Perl 4.1.1 SCvanisher Google Chrome JavaScript JavaScript ID SCvanisher SCvanisher ID 4.1.2 JavaScript JavaScript SCvanisher Microsoft Internet Explorer 7.0.5730.13 Mozilla Firefox 3.5.7 Google Chrome 3.0.195.38 3 (1) URL (2) ID (3) (4) (5) (6) (7) (8) (9) 4 5 Firefox (1) (4) SCvanisher HTML 4 5 HTML HTML JavaScript document.body.innerHTML HTML SCvanisher onclick sendiptval runjsfunc

23 (a)

<div id="maintable"><table><tbody>
<tr>
<td align="center">iidx ID</td>
<td align="center">
<input size="16" id="iidxid" value="" onchange="sendiptval('iidxid')" type="text"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input value="login" onclick="runjsfunc('Login,')" type="button"></td>
</tr>
</tbody></table></div>

(b) SCvanisher HTML

4 SCvanisher (1) Fig. 4 Snapshot of SCvanisher ( 1 ).

<div id="maintable"><table><tbody>
<tr>
<td align="center">iidx ID</td>
<td align="center">
<input size="16" id="iidxid" value="" type="text"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input value="login" onclick="Login()" type="button"></td>
</tr>
</tbody></table></div>

(c) SCvanisher HTML

4.2 4.2.1 SCvanisher SCvanisher JavaScript JavaScript Load Average CPU Load Average

(a)

<div id="uptable">
<input value="status" onclick="runjsfunc('MakePlayerTable,u_data')" type="button">
</div>
<div id="midtable">
<input value=".win" onclick="runjsfunc('UpdateSongPack,14,rvl1')" type="button">
</div>
<div id="maintable"><table width="698">
<tbody><tr>
<td align="center">
<a href="javascript:runjsfunc('test1,14')">Lv</a></td>

(b) SCvanisher HTML

5 SCvanisher (4) Fig. 5 Snapshot of SCvanisher ( 4 ).

<div id="uptable">
<input value="status" onclick="MakePlayerTable(u_data)" type="button">
</div>
<div id="midtable">
<input value=".win" onclick="UpdateSongPack(14,rvl1)" type="button">
</div>
<div id="maintable"><table width="698">
<tbody><tr>
<td align="center">
<a href="javascript:test1(14)">Lv</a></td>

(c) SCvanisher HTML

0.1 Load Average 2.5 100 1,000 100 CPU: Intel Pentium4 3.0 GHz RAM: 1,024 MB OS: Debian GNU/Linux 5.0.3 6 2

24 3 Table 3 Number of communications and amounts of transferred data.

SCvanisher SCvanisher / / /
(1) 2 766 7,299 4 1,746 2,687 2 792 7,299
(2) 23 10,393 14,299 3 1,737 1,278 23 10,692 14,299
(3) 3 1,207 4,512 5 2,390 9,389 3 1,246 4,512
(4) 0 0 0 2 1,160 5,040 0 0 0
(5) 0 0 0 3 1,745 5,140 0 0 0
(6) 1 979 829 2 1,147 4,882 1 992 829
(7) 0 0 0 2 1,156 4,418 0 0 0
(8) 0 0 0 2 1,156 4,872 0 0 0
(9) 0 0 0 2 1,147 739 0 0 0
29 13,345 26,939 25 13,384 38,445 29 13,722 26,939

262.7 6 Fig. 6 Execution times in relay part.

2 Table 2 Execution times in relay part (in milliseconds).

100 200 300 400 500
Load Average : 0.1 56.0 64.7 63.4 89.0 104.5
Load Average : 2.5 71.9 100.3 118.1 118.4 153.9
LA2.5 / LA0.1 1.3 1.5 1.9 1.3 1.4

600 700 800 900 1,000
Load Average : 0.1 116.2 98.2 110.4 112.9 129.1
Load Average : 2.5 165.2 167.6 196.4 240.7 262.7
LA2.5 / LA0.1 1.4 1.7 1.8 2.1 2.0

1.3 2.1 SCvanisher 1,000 1 1,000 SCvanisher 4.2.2 SCvanisher SCvanisher SCvanisher 4.1.2 (1) (8) SCvanisher Firefox Apache Apache favicon.ico 3 (2) / 1,278 / 14,299 SCvanisher SCvanisher / SCvanisher

25 / SCvanisher / SCvanisher (13,384 + 38,445)/(13,345 + 26,939) = 1.29 SCvanisher 30% 4.2.1 5. SCvanisher SCvanisher JavaScript JavaScript SCvanisher JavaScript JavaScript SCvanisher SCvanisher SCvanisher 4.1 Wiki SCvanisher SCvanisher Flash JavaScript Firefox MozRepl MozRepl Telnet Firefox 1 JavaScript Firefox 1 MozRepl IP prototype.js SCvanisher DoS 4.2.2 SCvanisher DoS SCvanisher 6. SCvanisher SCvanisher SCvanisher SCvanisher SCvanisher SCvanisher SCvanisher SCvanisher JavaScript Ajax

26

1) Solutions, P.: Dotfuscator (2003). http://www.preemptive.com/products/dotfuscator/overview/
2) SHTML (2005). http://www.shtml.jp/
3) ISEC95-25, pp.9-14 (1995).
4) Vol.J80-D-1, No.7, pp.644-652 (1997).
5) Cerven, P.: Crackproof Your Software The Best Ways to Protect Your Software Against Crackers, No Starch Press (2002).
6) Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S. and Yang, K.: On the (Im)possibility of Obfuscating Programs, Lecture Notes in Computer Science, Vol.2139, pp.1-18 (2001).
7) bruby (2002). http://bruby.sourceforge.jp/
8) Exerb (2002). http://exerb.sourceforge.jp/
9) 14 (2002). http://www.ipa.go.jp/nbp/14nendo/14youth/mdata/2-1.htm
10) Aptana Jaxer (2008). http://www.jaxer.org/
11) Hanakawa, N. and Ikemiya, N.: A web browser for Ajax approach with asynchronous communication model, Proc. 2006 IEEE/WIC/ACM International Conference on Web Intelligence, pp.808-814 (2006).

( 22 2 15 ) ( 22 5 9 ) 1984 2008 2010 1960 1983 1988 1993 2004 ACM