{"links":{},"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00216667","sets":["1164:6389:10832:10833"]},"path":["10833"],"owner":"44499","recid":"216667","title":["抽象構文木による開発者向けDOM-Based XSS 対策支援システムの提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-02-28"},"_buckets":{"deposit":"a34b29e8-9a52-4829-81ba-f4a9bd275dd3"},"_deposit":{"id":"216667","pid":{"type":"depid","value":"216667","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"抽象構文木による開発者向けDOM-Based XSS 対策支援システムの提案","author_link":["559636","559639","559641","559637","559638","559642","559643","559640","559644","559635"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"抽象構文木による開発者向けDOM-Based XSS 対策支援システムの提案"},{"subitem_title":"DOM-Based XSS Prevention Support System for Developers Using Abstract Syntax Tree Analysis","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"SPT/ICSS ","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2022-02-28","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"関西大学大学院総合情報学研究科"},{"subitem_text_value":"関西大学総合情報学部"},{"subitem_text_value":"関西大学総合情報学部"},{"subitem_text_value":"関西大学総合情報学部"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Kansai University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Kansai Uniersity","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Kansai Uniersity","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Kansai Uniersity","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/216667/files/IPSJ-SPT22046024.pdf","label":"IPSJ-SPT22046024.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT22046024.pdf","filesize":[{"value":"2.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"1ade6778-2ff7-41ad-a8d4-412291645cda","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中原, 崇"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井手, 脩太"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"前田, 達哉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"波多, 悠輔"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"小林, 孝史"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Nakahara, Takashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ide, Syuta","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Maeda, Tatsuya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hata, Yusuke","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kobayashi, Takashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"XSS 脆弱性は，Web アプリケーションの実装を経由して攻撃者が任意の JavaScript を実行できる脆弱性であり，開発者にはソフトウェアの脆弱性を低減することが求められている．そこで，本稿では Web アプリケーションの開発段階において，開発者へ DOM-Based  XSS 脆弱性となりうるソースコードを警告するシステムを提案する．DOM-Based XSS の検知において，抽象構文木を用いたフロー解析を行うことで，テイント伝搬による既存の動的解析システムと比較して検知率及びパフォーマンスの向上が確認できた．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"XSS vulnerability is a vulnerability that allows an attacker to execute arbitrary JavaScript via the vulnerable implementation of a web application, and developers are required to reduce software vulnerabilities. In this paper, we propose a system that warns developers of DOM-Based XSS during the development stage. In the detection of DOM-Based XSS, flow analysis using abstract parse trees improves the detection rate and performance compared to existing dynamic analysis systems using taint propagation.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"9","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2022-02-28","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"24","bibliographicVolumeNumber":"2022-SPT-46"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:17:11.284259+00:00","updated":"2025-01-19T15:46:31.498108+00:00","id":216667}