{"updated":"2025-01-19T15:04:22.574270+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00218716","sets":["934:7757:10814:10965"]},"path":["10965"],"owner":"44499","recid":"218716","title":["攻撃者視点を取り入れたクロスサイトスクリプティング対策の実践的演習システムの開発と評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-06-23"},"_buckets":{"deposit":"05a1456a-9043-4229-8e67-9b87ffff054f"},"_deposit":{"id":"218716","pid":{"type":"depid","value":"218716","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"攻撃者視点を取り入れたクロスサイトスクリプティング対策の実践的演習システムの開発と評価","author_link":["569436","569434","569433","569435","569437","569438"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"攻撃者視点を取り入れたクロスサイトスクリプティング対策の実践的演習システムの開発と評価"},{"subitem_title":"Development and Evaluation of a Hands-on System Incorporating the Attacker's Perspective for Learning Cross-site Scripting Countermeasures","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[ショートペーパー] ネットワークセキュリティ，仮想化技術，Webアプリケーション，セキュアプログラミング，演習システム","subitem_subject_scheme":"Other"}]},"item_type_id":"3","publish_date":"2022-06-23","item_3_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"近畿大学大学院総合理工学研究科"},{"subitem_text_value":"近畿大学情報学部情報学科／近畿大学情報学研究所"},{"subitem_text_value":"近畿大学情報学部情報学科／近畿大学情報学研究所"}]},"item_3_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Science and Engineering, Kindai University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Kindai University / Cyber Informatics Research Institute, Kindai University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Informatics, Kindai University / Cyber Informatics Research Institute, Kindai University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/218716/files/IPSJ-TCE0802008.pdf","label":"IPSJ-TCE0802008.pdf"},"date":[{"dateType":"Available","dateValue":"2024-06-23"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-TCE0802008.pdf","filesize":[{"value":"1.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"19"},{"tax":["include_tax"],"price":"0","billingrole":"45"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"79565ead-d81b-4810-840a-aa5a0455831e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_3_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"岸本, 和理"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"谷口, 義明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井口, 信和"}],"nameIdentifiers":[{}]}]},"item_3_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kazuri, Kishimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Taniguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Nobukazu, Iguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_3_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12697953","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_3_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-4234","subitem_source_identifier_type":"ISSN"}]},"item_3_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Webアプリケーションの脆弱性を悪用した主要な攻撃の1つにクロスサイトスクリプティング（XSS）攻撃がある．Webアプリケーション内のXSS脆弱性を減らすためには，Webアプリケーション開発者が，XSS攻撃および対策手法を学ぶだけでなく，攻撃者視点でXSS脆弱性を発見するための知識やスキルを習得することが重要であると考えられる．そこで本稿では，攻撃者視点を取り入れたXSS演習システムを開発する．学習者はWebブラウザ，仮想ネットワーク上に構築したWebサーバ，攻撃者ホストを使って学習や演習を実施する．情報系学科の学生を対象とした実験の結果，本システムを用いることにより座学と比較してXSS対策の学習を支援できることを確認した．","subitem_description_type":"Other"}]},"item_3_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Cross-site scripting is a typical attack that exploits web application vulnerabilities. In this paper, we develop a hands-on system incorporating the attacker's perspective for learning how to create secure web applications against cross-site scripting. Our system considers not only learning of attack and countermeasure methods but also learning of vulnerability detection methods. As a result of experiments targeting students, we confirmed that our system can support learning of cross-site scripting measures compared to classroom lectures.","subitem_description_type":"Other"}]},"item_3_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"81","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌教育とコンピュータ（TCE）"}],"bibliographicPageStart":"76","bibliographicIssueDates":{"bibliographicIssueDate":"2022-06-23","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"8"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:19:03.895240+00:00","id":218716,"links":{}}