Authors: Frédéric Majorczyk, Jonathan-Christofer Demay
Venue: 2009 International Conference on Availability, Reliability and Security
Publication date: 2009-03-16
DOI: 10.1109/ARES.2009.64 (https://doi.org/10.1109/ARES.2009.64)
Citation count: 8
Platform: Semanticscholar
Automated Instruction-Set Randomization for Web Applications in Diversified Redundant Systems
The use of diversity and redundancy in the security domain is an interesting approach to prevent or detect intrusions. Many researchers have proposed architectures based on those concepts, where diversity is either natural or artificial. These architectures are based on the architecture of N-version programming and were often instantiated for web servers without taking into account the web application(s) running on them. In this article, we present a solution to protect the web applications running on this kind of architecture in order to detect and tolerate code injection intrusions. Our solution consists of creating diversity in the web application scripts by randomizing the language understood by the interpreter, so that injected code cannot be executed by all the servers. We also present the issues related to the automation of our solution and present some solutions to tackle these issues.