{"updated":"2025-01-20T13:11:52.779790+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00157838","sets":["1164:3925:8483:8602"]},"path":["8602"],"owner":"11","recid":"157838","title":["オブジェクト指向のWebアプリケーションに対するXSS攻撃脆弱性の静的解析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-02-25"},"_buckets":{"deposit":"1c8b9c0b-764d-41ee-848b-08d90d0131cd"},"_deposit":{"id":"157838","pid":{"type":"depid","value":"157838","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"オブジェクト指向のWebアプリケーションに対するXSS攻撃脆弱性の静的解析","author_link":["299711","299710","299709","299712"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"オブジェクト指向のWebアプリケーションに対するXSS攻撃脆弱性の静的解析"},{"subitem_title":"Static analysis of XSS attacks vulnerabilities in Web applications implemented with object oriented programming","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュア設計･開発／脆弱性対策","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2016-02-25","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京大学生産技術研究所"},{"subitem_text_value":"東京大学生産技術研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Institute of Industrial Science, the University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"Institute of Industrial Science, the University of Tokyo","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/157838/files/IPSJ-CSEC16072002.pdf","label":"IPSJ-CSEC16072002.pdf"},"date":[{"dateType":"Available","dateValue":"2018-02-25"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC16072002.pdf","filesize":[{"value":"1.4 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"9670254c-38a1-4d10-8b1a-16531222ede7","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"林, 昌吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松浦, 幹太"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shogo, Hayashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kanta, Matsuura","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Web アプリケーションは日常の様々な場面で利用されるが，その中には脆弱性が存在するものも多い．中でもクロスサイトスクリプティング (XSS) 攻撃は数多くの研究がなされてきているにも関わらず Web アプリケーションの脆弱性の中で常に首位を争う脅威となっている攻撃であり，攻撃手法は多様化している．防御策について，Open Web Application Project (OWASP) のようにチェックシートを公開している組織も存在するが，開発者全員がこれらを基に安全な実装するのは容易ではない．それ故，脆弱性を自動で検知するツールの有用性は高く，そのような目標を達成しようとしている既存研究も存在するが，検知精度が十分ではない．そのような研究も存在する．しかし、既存研究では精度が低い．特に，スクリプト言語に適用可能なオブジェクト指向に対する研究はあまりなされていない．そこで本研究では 2 方向後方脆弱性分析とクラスキャッシュという概念を導入して，オブジェクト指向で実装されたソースコードの XSS 攻撃脆弱性を静的解析するための手法の提案と実装評価を行う．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2016-02-25","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2016-CSEC-72"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:31:39.940642+00:00","id":157838,"links":{}}