簡易檢索 / 詳目顯示
| 研究生: |
吳孟容 Meng-jung Wu |
|---|---|
| 論文名稱: |
一個根植於作業系統核心之防止網頁竄改機制 WsP: A Websites Protector against Web Defacement Attacks |
| 指導教授: |
許富皓
Fu-hau Hsu |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
資訊電機學院 - 資訊工程學系 Department of Computer Science & Information Engineering |
| 畢業學年度: | 96 |
| 語文別: | 中文 |
| 論文頁數: | 56 |
| 中文關鍵詞: | 網頁竄改 、網頁保護 、網路釣魚 、惡意軟體 |
| 外文關鍵詞: | phishing, web protection, web defacement, malware |
| 相關次數: | 點閱:11 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
隨著網際網路的快速發展,使得網頁伺服器成為學習、教育、娛樂、資訊交換、商業服務的重要平臺。也隨著網頁的重要性與日俱增,竄改網頁便成為攻擊者破壞企業形象或表達不同意識型態的方式[1]。此外,越來越多的攻擊者侵入網頁伺服器後,在不改變網頁在瀏覽器上呈現畫面的前提下,透過網頁竄改使得原網頁成為一個釣魚網頁(phishing)[12],或於網頁內加入下載檔案的指令。只要使用者瀏覽到該被竄改的網頁,其瀏覽器就自動地將攻擊者設定的惡意程式下載至其主機內,而這些惡意程式可能會執行破壊、偷竊資料的行為或奪取使用者主機的控制權,得使用者的主機成為下一波攻擊的跳板。基於以上的理由,如何快速且有效地防止網頁竄改,變成為一件很重要的事。
本篇論文,我們提出一個根植於作業系統核心內之防止網頁竄改的機制-- WsP(Websites Protector)。WsP是以malbehavior-based的方式來偵測攻擊,所以,攻擊者即使利用網頁伺服器漏洞,如apache網頁伺服器緩衝區溢位弱點,發動攻擊,取得伺服器的Super User 權限,仍無法直接竄改網頁,除非攻擊者重新起始新的作業系統,而此動作很可能會引起原有系統管理者的注意。而在此同時除了確保網頁伺服器不會在不安全的環境下操作,WsP並不會改變網站系統管理者原有的管理網頁的方式,也就是說,我們的機制對使用者而言是完全透明的、感受不到的,但對攻擊者而言,WsP能準確地阻擋攻擊者的攻擊。
Along with the fast development of Internet, the web servers become the important platforms of learning, educating, entertainment, information exchange and commercial service. Because of the growing importance of the web pages, altering web pages becomes the way that the attackers destroy the image of enterprises or expresses different ideology.
In addition, more and more attackers intrude the web server and do not change web pages appear on the browser, but to alter the web pages make the original web pages become fishing pages or insert the command of downloading files in the web pages. As the user browses the web pages its browser downloads the malware which the attackers set up to user’s computer automatically and the malware may carry out broken or stolen the user’s data or even capture the control of user''s computer and then user''s computer becomes the springboard of next attacks. On the basis of the reasons of the above, how to prevent web pages to be defaced fast and effectively turn into a very important thing.
In this research ,we propose a protect mechanism which is based on operating system kernel against web defacement attacks-- WsP(Websites Protector). WsP is base on malbehavior approach to detect attacks, even the attackers utilizes the loophole of web servers, eg.the buffer overflow vulnerability of Apache web server, to attack web servers and then gain Super User privileges of the servers.The attacker still unable to deface web pages directly unless the attacker start new operating system but this action will possibly cause the systematic administrator’s attention. Our mechanism at the same time dose not change the existing administrator''s management, that is to say, our mechanism is totally transparent and unfeeling for user but WsP can resist the attacker’s attacks accurately.
[1] Woo, Hyung-Jin, "Propaganda Wars in Cyberspace: A Content Analysis of Web Defacement Strategies among Politically Motivated Hacker Groups,"In the annual meeting of the International Communication Association, San Diego, CA, May 27, 2003.
[2] Gene H. Kim and Eugene H. Spafford, “Writing, Supporting, and Evaluating Tripwire: A Publicly Available Security Tool,” In Proceedings of USENIX Applications Development Symposium, Toronto, Canada, April 1994.
[3] Da-Wei Lin and Yi-Min Chen, “Dynamic Webpage protection based on Content integrity,” Int. J. Management and Enterprise Development, 2008, Vol. 5, No.1, pp. 63 - 76.
[4] Web Again, http://www.lockstep.com/webagain/index.html
[5] W. Fone and P. Gregory, "Web page defacement countermeasures," In Proceedings of the 3rd International Symposium on Communication Systems Networks and Digital Signal Processing, pages 26–29, Newcastle, UK, July 2002.IEE/IEEE/BCS.
[6] A. Cooks and M. S. Olivier, “Curtailing web defacement using a read-only strategy,” in Proceedings of the 4th Annual Information Security South Africa Conference, Midrand, South Africa, June/July 2004.
[7] A. Bartoli, E. Medvet, "Automatic Integrity Checks for Remote Web Resources," IEEE Internet Computing, vol. 10, no.6, pp. 56-62, Nov/Dec, 2006
[8] Ashish Gehani, Surendar Chandra and Gershon Kedem "Augmenting storage with an intrusion response primitive to ensure the security of critical data," ACM Conference on Computer Communications Security , Taipei, Taiwan, 2006
[9] Hollander, Yona, Prevent Web Site Defacement,
http://www.mcafee.com/us/local_content/white_papers/wp_2000hollanderdefacement.pdf
[10] Hollander, Yona, The Future of Web Server Security,
http://www.mcafee.com/us/local_content/white_papers/wp_future.pdf
[11] Web Site Defacement, http://www.infinityforensics.com/defacement.pdf
[12] R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” In Proceedings of the SIGCHI conference on Human Factors in computing systems, Montréal, Québec, Canada, April, 2006.
[13] Statistics on Web Server Attacks for 2005 -2007, http://www.zone-h.org/content/view/14928/30
[14] 東森新聞 陳曉藍, 台灣駭客攻擊事件四小龍之冠,90%銀行曾遭入侵http://www.nownews.com/2007/03/08/339-2063921.htm
[15] Netcraft,May 2008 Web Server servey, http://news.netcraft.com/archives/web_server_survey.html
[16] 呂芳懌、楊子逸,“IIS 網頁伺服器Unicode 漏洞探討”,第五屆資訊管理學術暨政資訊實務研討會,警察大學,2001 年,94-100頁。
[17] Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability, http://www.securityfocus.com/bid/1806/info
[18] CERT® Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability,
http://www.cert.org/advisories/CA-2002-17.html
[19] Apache Chunked-Encoding Memory Corruption Vulnerability, http://www.securityfocus.com/bid/5033/info
[20] Apache remote exploit, http://www.derkeiler.com/Mailing-Lists/Securiteam/2005-04/0096.html
[21] CERT® Advisory CA-2002-27 Apache/mod_ssl Worm, http://www.cert.org/advisories/CA-2002-27.html
[22] Frédéric Perriot and Peter Szor, An Analysis of the Slapper Worm Exploit, http://www.symantec.com/avcenter/reference/analysis.slapper.worm.pdf
[23] Symeantect, CodeRed worm, http://www.symantec.com/security_response/writeup.jsp?docid=2001-071911-5755-99
[24] Microsoft, Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise, http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx
[25] phpBB, howdark.com exploits, http://www.phpbb.com/community/viewtopic.php?f=14&t=240513
[26] US-CERT, phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter,
http://www.kb.cert.org/vuls/id/497400
[27] Symeantect, Perl.Santy.A., http://www.symantec.com/security_response/writeup.jsp?docid=2004-122109-4444-99
[28] Robert Lemos, Net worm using Google to spread, http://news.zdnet.com/2100-1009_22-5499725.html
[29] SQL Injection Walkthrough, http://www.securiteam.com/securityreviews/5DP0N1P76E.html
[30] Microsoft『資料隱碼』SQL Injection的源由與防範之道, http://www.microsoft.com/taiwan/sql/SQL_Injection.htm
[31] 恆逸資訊 胡百敬, SQL Injection (資料隱碼)– 駭客的 SQL填空遊戲(上),
http://www.microsoft.com/taiwan/sql/SQL_Injection_G1.htm
[32] KNOPPIX, http://www.knopper.net/knoppix/index-en.html
[33] Fielding, et al, part of Hypertext Transfer Protocol -- HTTP/1.1 RFC 2616, http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
[34] LinuxQuestions.org,
http://wiki.linuxquestions.org/wiki/Securing_Apache#Dangerous_HTTP
[35] ApacheWeek, Publishing Pages with PUT, http://www.apacheweek.com/features/put
[36] Accessory Scripts,
http://www.w3.org/Daemon/User/Config/Accessories.html#POST-Script
[37] Wikipedia,Web-hosting service,
http://en.wikipedia.org/wiki/Web_hosting
[38] Web Hosting 檔案傳輸,
http://big5.website-solution.net/support_tutorial.html#da
[39] Web Hosting 網頁上傳,
http://www.webhosting.com.hk/menu.php
[40] Windows SharePoint Services,
http://technet.microsoft.com/zh-tw/windowsserver/sharepoint/bb267377
(en-us).aspx
[41] 微軟 IIS 5.0 緩衝區滿溢漏洞,
http://www.hkcert.org/archive/salert/chinese/s030318_win_webdav.html
[42] CVE-2003-0109,
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109
