Paper Abstract and Keywords |
Presentation |
2017-11-16 14:15
Xilara: XSS audItor using htmL templAte restoRAtion Keitaro Yamazaki, Daisuke Kotani, Yasuo Okabe (Kyoto Univ.) IA2017-49 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Mitigating Cross Site Scripting (XSS) is important to protect user's sensitive data in the web applications.
XSS mitigation without modifications of application's code is beneficial to protect many systems by one system. However, such mitigations depend on request or correspondence between request and response.
We propose a new XSS filter, Xilara, that audits structure of responses. First, Xilara collects normal responses and restores HTML template automatically. Second, Xilara detects the stored XSS attack by verifying if the structure of response matches with the template. Our preliminary results show that Xilara can mitigate some known stored XSS vulnerabilities in real applications with acceptable performance. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Security / XSS / Web / HTML / Cross Site Scripting / / / |
Reference Info. |
IEICE Tech. Rep., vol. 117, no. 299, IA2017-49, pp. 89-94, Nov. 2017. |
Paper # |
IA2017-49 |
Date of Issue |
2017-11-08 (IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IA2017-49 |
Conference Information |
Committee |
IA |
Conference Date |
2017-11-15 - 2017-11-16 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
KMITL, Bangkok, Thailand |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
IA2017 - Workshop on Internet Architecture and Applications 2017 |
Paper Information |
Registration To |
IA |
Conference Code |
2017-11-IA |
Language |
English |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Xilara: XSS audItor using htmL templAte restoRAtion |
Sub Title (in English) |
|
Keyword(1) |
Security |
Keyword(2) |
XSS |
Keyword(3) |
Web |
Keyword(4) |
HTML |
Keyword(5) |
Cross Site Scripting |
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Keitaro Yamazaki |
1st Author's Affiliation |
Kyoto University (Kyoto Univ.) |
2nd Author's Name |
Daisuke Kotani |
2nd Author's Affiliation |
Kyoto University (Kyoto Univ.) |
3rd Author's Name |
Yasuo Okabe |
3rd Author's Affiliation |
Kyoto University (Kyoto Univ.) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2017-11-16 14:15:00 |
Presentation Time |
25 minutes |
Registration for |
IA |
Paper # |
IA2017-49 |
Volume (vol) |
vol.117 |
Number (no) |
no.299 |
Page |
pp.89-94 |
#Pages |
6 |
Date of Issue |
2017-11-08 (IA) |
|