
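Graduate student: Ma, Jian-Yuan (馬健原)
Thesis title: Suppress Malicious Scripts by File Format Conversion (植基於檔案格式轉換之惡意程式碼破壞系統)
Advisor: Li, Jung-Shian (李忠憲)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Publication year: 2011
Graduation academic year: 99
Language: English
Number of pages: 39
Keywords (Chinese): multimedia, uploading file attack, file format conversion
Keywords (English): Multimedia, uploading file attack, transcoding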
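  • In today's network environment, people can freely share arbitrary files online, for example by sharing videos and pictures through the Youtube or Flickr websites. However, malicious attackers may embed malicious code in the uploaded files, so that unsuspecting users are harmed when browsing them. This study divides such attacks carried out through uploaded files into two categories: (1) web page program file attacks and (2) multimedia file attacks. For web page program file attacks, previous researchers have proposed various protection methods. For multimedia file attacks, however, few protection methods exist. This study therefore proposes and implements a malicious code destruction system based on file format conversion. The system uses file format conversion to destroy the logical structure of the malicious code in a multimedia file so that the malicious code cannot execute, achieving the goal of protecting against multimedia file attacks.
    This study verifies experimentally that the system is applicable to various multimedia files (e.g. BMP, PNG, AVI) and does destroy the malicious code. However, file format conversion causes distortion of the file, so we further examine how the file format used for conversion affects both the effectiveness of destroying malicious code and the distortion, in order to improve the system and to ensure that the malicious code is destroyed at an acceptable level of distortion, helping users defend against attacks that upload malicious multimedia files.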

    On the Internet, people can easily share files. For example, people can share videos and pictures on websites like YouTube or Flickr. However, there may be malicious attackers who upload files with embedded malicious scripts. Users who are negligent in protecting themselves may be vulnerable to attack when browsing files with malicious scripts. These types of attacks are divided into two categories: web page file attacks and multimedia file attacks. For web page file attacks, there are many kinds of protection methods. However, studies on protecting users from multimedia file attacks are few. Therefore, we propose a malicious script suppression system based on file format conversion (i.e. transcoding) to protect users from multimedia file attacks. In our system, file format conversion is used to destructively transform the structure of the malicious scripts so they become inactive.
    In this study, we verify that our system is suitable for many kinds of multimedia files (e.g. BMP, AVI) and able to suppress malicious scripts in multimedia files. However, file format conversion not only inactivates malicious scripts but also contributes to conversion loss. Therefore, we explore the conversion loss effect on a variety of file formats to find the optimal conversion method experimentally. Furthermore, we explore the effectiveness of suppressing malicious scripts on a variety of file formats and verify that the system prevents multimedia file attacks.

    List of Tables
    List of Figures
    Chapter 1 Introduction
      1.1 Motivation
      1.2 Contribution
      1.3 Thesis Organization
    Chapter 2 Background Knowledge
      2.1 Uploading file attack
        2.1.1 Web Page File Attack
        2.1.2 Multimedia File Attack
      2.2 File Format Conversion
        2.2.1 What is File Format Conversion
        2.2.2 Conversion Loss
    Chapter 3 Related Work
      3.1 Client-Side Protection Methods
      3.2 Server-Side Protection Methods
      3.3 Protection Methods of multimedia file attack
    Chapter 4 Malicious Script Suppression System
      4.1 System Principle
      4.2 System Objective
      4.3 System Architecture
      4.4 File Type Detection Module
      4.5 File Conversion Module
        4.5.1 File Conversion Module for Images
        4.5.2 File Conversion Module for Videos
      4.6 Applicable Scope
    Chapter 5 Image Conversion Experiment
      5.1 Evaluation Method
      5.2 Objects and Steps
      5.3 Experimental Results
    Chapter 6 Video Conversion Experiment
      6.1 Evaluation Method
      6.2 Objects and Steps
      6.3 Experimental Results
    Chapter 7 Conclusion
    Chapter 8 Future Work
    References


    Made public on 2016-08-15