期刊导航

论文摘要

当前位置: 首页 > 期刊导航 > 工程科学类期刊 > 工程科学与技术 > 论文摘要 > 正文

基于反调试的JavaScript代码保护方法研究

Research on JavaScript Code Protection Through Anti-debugging

作者:陈晓江(西北大学 信息科学与技术学院;西北大学-爱迪德物联网信息安全联合实验室);董浩(西北大学 信息科学与技术学院;西北大学-爱迪德物联网信息安全联合实验室);房鼎益(西北大学 信息科学与技术学院;西北大学-爱迪德物联网信息安全联合实验室);王怀军(西安理工大学 计算机科学与工程学院);张凡(西北大学-爱迪德物联网信息安全联合实验室;爱迪德技术(北京)有限公司)

Author:Chen Xiaojiang(School of Info. Sci. and Technol.,Northwest Univ.;NWU-Irdeto IoT and Info. Security Joint Lab.(NISL));Dong Hao(School of Info. Sci. and Technol.,Northwest Univ.;NWU-Irdeto IoT and Info. Security Joint Lab.(NISL));Fang Dingyi(School of Info. Sci. and Technol.,Northwest Univ.;NWU-Irdeto IoT and Info. Security Joint Lab.(NISL));Wang Huaijun(School of Computer Sci. and Eng.,Xi’an Univ. of Technol.);Zhang Fan(NWU-Irdeto IoT and Info. Security Joint Lab.(NISL);Irdeto Access Technol.(Beijing) Co. Ltd.)

收稿日期:2014-06-24          年卷(期)页码:2015,47(1):27-35

期刊名称:工程科学与技术

Journal Name:Advanced Engineering Sciences

关键字:HTML5;JavaScript代码保护;反调试

Key words:HTML5;JavaScript code protection;anti-debugging

基金项目:国家科技支撑计划资助项目(2013BAK01B02);国家自然科学基金资助项目(61170218;61272461;61202393);陕西省教育厅产业化培育项目资助(2013JC07);陕西省自然科学基础研究计划资助项目(2012JQ8049)

中文摘要

为了消除攻击者动态调试JavaScript代码给HTML5应用程序带来的安全威胁,提出一种基于反调试的代码保护方法。在深入分析Firefox及Chrome浏览器中调试器工作原理的基础上,探索了主流浏览器平台中调试器运行时的特征。基于调试器特征构造检测调试行为的JavaScript代码片,并结合针对调试行为的响应策略达到反动态调试目的。通过攻击实例验证了该方法的有效性,在不影响程序性能的前提下提升了Web应用程序的安全性。

英文摘要

In order to eliminate the security threat to HTML5 applications posed by debugging JavaScript code during attack process, a method of protecting JavaScript code through anti-debugging was proposed. The JavaScript debugging principle on Firefox and Chrome was analyzed, and the runtime features introduced by these mainstream browsers’ debuggers were explored. Then combined with these features and some penalties to the debugging behavior, some anti-debugging approaches were devised and applied to achieve anti-debugging protection on Web applications. The experiments showed that these anti-debugging approaches can effectively protect Web applications from being debugged dynamically without much overhead.

关闭

Copyright © 2020四川大学期刊社 版权所有.

地址:成都市一环路南一段24号

邮编:610065