{"created":"2025-01-19T01:08:47.538611+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00206885","sets":["581:10023:10032"]},"path":["10032"],"owner":"44499","recid":"206885","title":["テストベースホワイトリストとCSPの組合せによる効果的なXSS対策の実現"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-09-15"},"_buckets":{"deposit":"19f3b72d-c20e-46a1-ba23-5080dc53e777"},"_deposit":{"id":"206885","pid":{"type":"depid","value":"206885","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"テストベースホワイトリストとCSPの組合せによる効果的なXSS対策の実現","author_link":["515191","515187","515188","515189","515186","515192","515184","515190","515193","515194","515183","515185"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"テストベースホワイトリストとCSPの組合せによる効果的なXSS対策の実現"},{"subitem_title":"Realization of Effective XSS Attack Countermeasure based on the Combination of Examination-based Whitelist and CSP","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：実社会を支える暗号・セキュリティ・プライバシ技術] クロスサイトスクリプティング，Content Security Policy，ホワイトリスト，自動生成，テストケース","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2020-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"三菱電機インフォメーションネットワーク株式会社"},{"subitem_text_value":"静岡大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Mitsubishi Electric Information Network Corporation","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/206885/files/IPSJ-JNL6109005.pdf","label":"IPSJ-JNL6109005.pdf"},"date":[{"dateType":"Available","dateValue":"2022-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6109005.pdf","filesize":[{"value":"2.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"0db245dd-0c8d-4eb2-8250-07ed826134c2","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"井上, 佳祐"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"本多, 俊貴"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"向山, 浩平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大木, 哲史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"堀川, 博史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Keisuke, Inoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshiki, Honda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kohei, Mukaiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsushi, Ohki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroshi, Horikawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Software as a Service（SaaS）などのクラウドサービスの普及にともない，Webアプリケーションに対する攻撃が急増している．本論文ではクロスサイトスクリプティング（以下，XSS）に焦点を当て，その対策を検討する．現在，XSSの効果的な対策としてContent Security Policy（以下，CSP）が普及しつつある．CSPを利用して，インラインスクリプトに対してはその動作を禁止し，外部スクリプトに対してはそのコード署名を検証することで，開発者が意図したスクリプトのみを動作させることが可能となる．しかし，現在のWebサービスにおいてインラインスクリプトを利用していないWebサイトは数少ないため，CSPのみでは十分なXSS対策を実現し得ない．そこで本論文では，CSPとホワイトリストを併用することによって，効果的なXSS対策を達成する．提案方式は，外部スクリプトに対しては，CSPのコード署名によって開発者の意図したスクリプトのみの実行を許可する．提案方式は，コード署名による対策が難しく，サニタイジングの不備の影響を大きく受けるインラインスクリプトに対しては，テストベースホワイトリストを用いたXSS対策を提案する．テストベースホワイトリスト方式では，開発プロセスの最終段階で行われるソフトウェアテストを通じ，各Webアプリケーションの仕様に合致するホワイトリストが自動生成される．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Owing to the widespread usage of cloud services (such as “software as a service”), attacks targeting web applications are rapidly increasing. In this study, we focus on Cross Site Scripting (XSS) attacks and consider the corresponding countermeasures. Currently, Content Security Policy (CSP) is considered as an effective countermeasure for addressing XSS attacks. CSP can prevent XSS attacks by prohibiting script action of inline scripts and verifying external scripts using their code signatures. However, a large number of websites do use inline scripting in their web services, and they are therefore not protected by solely utilizing CSP. Hence, our objective is to develop effective XSS countermeasures by combining whitelists with CSP. The proposed method employs CSP for protecting external scripts by incorporating the associated code signatures. Additionally, the proposed method incorporates whitelists as countermeasures for addressing inline scripts that are difficult to manage. Through the software testing performed during the final stage of the development process, it is possible to automatically generate a whitelist that matches the specifications of each web application.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1387","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1374","bibliographicIssueDates":{"bibliographicIssueDate":"2020-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"61"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00206785","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"},"id":206885,"updated":"2025-01-19T19:15:39.504839+00:00","links":{}}