| Presentation | 2019-06-12 Detection of Reflected XSS by Using Dynamic Information Flow Tracking Shunsuke Tsukamoto, Shuichi Sakai, Hidetsugu Irie, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | XSS Auditor is a system that detects reflected XSS attacks in the client side. While it enhances resistance against reflected XSS, it also causes other types of security vulnerability, such as Universal XSS or information leak, because of false positives that structurally cannot be avoided. This article proposes a system that detects reflected XSS with almost no false positives. It is achieved by the server application to track the flow of data which is sent from the client and feed back the result to the client. The experiment shows that the proposed method is able to detect reflected XSS attacks at the same accuracy as the existing system without false positives. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Cross-Site Scripting (XSS) / Dynamic Information Flow Tracking (DIFT) / XSS Auditor |
| Paper # | CPSY2019-10,DC2019-10 |
| Date of Issue | 2019-06-04 (CPSY, DC) |
| Conference Information | |
| Committee | DC / CPSY / IPSJ-ARC |
|---|---|
| Conference Date | 2019/6/11(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | National Park Resort Ibusuki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Architecture, Computer Systems, Dependable Computing, etc. (HotSPA2019) |
| Chair | Satoshi Fukumoto(Tokyo Metropolitan Univ.) / Hidetsugu Irie(Univ. of Tokyo) / Hiroshi Inoue(Kyushu Univ.) |
| Vice Chair | Hiroshi Takahashi(Ehime Univ.) / Michihiro Koibuchi(NII) / Kota Nakajima(Fujitsu Lab.) |
| Secretary | Hiroshi Takahashi(Nihon Univ.) / Michihiro Koibuchi(Chiba Univ.) / Kota Nakajima(Nagoya Inst. of Tech.) / (Hokkaido Univ.) |
| Assistant | / Eiji Arima(Univ. of Tokyo) / Shugo Ogawa(Hitachi) |
| Paper Information | |
| Registration To | Technical Committee on Dependable Computing / Technical Committee on Computer Systems / Special Interest Group on System Architecture |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Detection of Reflected XSS by Using Dynamic Information Flow Tracking |
| Sub Title (in English) | |
| Keyword(1) | Cross-Site Scripting (XSS) |
| Keyword(2) | Dynamic Information Flow Tracking (DIFT) |
| Keyword(3) | XSS Auditor |
| 1st Author's Name | Shunsuke Tsukamoto |
| 1st Author's Affiliation | The University of Tokyo(Tokyo Univ.) |
| 2nd Author's Name | Shuichi Sakai |
| 2nd Author's Affiliation | The University of Tokyo(Tokyo Univ.) |
| 3rd Author's Name | Hidetsugu Irie |
| 3rd Author's Affiliation | The University of Tokyo(Tokyo Univ.) |
| Date | 2019-06-12 |
| Paper # | CPSY2019-10,DC2019-10 |
| Volume (vol) | vol.119 |
| Number (no) | CPSY-76,DC-77 |
| Page | pp.pp.93-98(CPSY), pp.93-98(DC), |
| #Pages | 6 |
| Date of Issue | 2019-06-04 (CPSY, DC) |