{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00222841","sets":["581:10784:10798"]},"path":["10798"],"owner":"44499","recid":"222841","title":["マイクロフロントエンドにおけるDOM Based XSS攻撃に対するテストベースホワイトリストの有用性"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-12-15"},"_buckets":{"deposit":"f681dc30-9e77-4879-870c-efeeadbeb783"},"_deposit":{"id":"222841","pid":{"type":"depid","value":"222841","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"マイクロフロントエンドにおけるDOM Based XSS攻撃に対するテストベースホワイトリストの有用性","author_link":["585190","585186","585191","585183","585187","585185","585181","585188","585189","585182","585180","585184"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"マイクロフロントエンドにおけるDOM Based XSS攻撃に対するテストベースホワイトリストの有用性"},{"subitem_title":"Effectiveness of Examination-based Whitelist for DOM Based XSS Attacks in Micro Front-end","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:持続可能な社会のIT基盤に向けた情報セキュリティとトラスト] マイクロサービスアーキテクチャ,マイクロフロントエンド,DOM Based XSS,テストベースホワイトリスト,セキュリティポリシ","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2022-12-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka 
University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/222841/files/IPSJ-JNL6312017.pdf","label":"IPSJ-JNL6312017.pdf"},"date":[{"dateType":"Available","dateValue":"2024-12-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6312017.pdf","filesize":[{"value":"4.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6993f59f-0fb8-47d1-b951-0b8e27b3b1e3","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"井坂, 佑介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"天笠, 智哉"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"奥村, 紗名"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"佐々木, 葵"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大木, 哲史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yusuke, Isaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tomoya, Amagasa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Sana, Okumura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Aoi, 
Sasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsushi, Ohki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Webサービスの複雑化にともない,マイクロフロントエンド(MFE)型のWebアプリケーション開発へと移行している.しかし,MFEにおいては,マイクロサービスどうしを組み上げる際に,各マイクロサービス間でセキュリティポリシのコンフリクトが発生しうる.この課題に対処する方法としては,セキュアプログラミングガイドラインの運用によってマイクロサービス間のセキュリティポリシを共通化する方法や,API Gatewayによってセキュリティポリシの調停を行う方法があげられる.しかし,セキュアプログラミングガイドラインの導入は,サービスの開発に注力したい開発者にとって技術的・作業的負担が大きいという問題がある.また,DOM Based XSS攻撃のようにフロントエンドで攻撃が完結するものに対しては,API Gatewayでの調停が機能しないという問題がある.そこで本論文では,MFE型Webアプリケーションに対し,テストベースホワイトリストを利用したセキュリティ機構を採用することを提案する.提案方式により,既存のマイクロサービスの再利用性を高めつつ,MFE型WebアプリケーションのDOM Based XSS対策を達成する.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"As the complexity of Web services increases, Web application development is migrating to Micro Front-end (MFE). However, in MFE, the security policies of each microservice may conflict with each other when assembling microservices. 
There are two ways to deal with this challenge: one is to standardize security policies among microservices by implementing secure programming guidelines, and the other is to mediate security policies among microservices by using an API Gateway. However, the introduction of secure programming guidelines is technically and operationally burdensome for developers who want to focus on service design. In addition, mediation using the API Gateway does not work for attacks that are completed within the front end, such as DOM Based XSS attacks. Therefore, in this paper, we propose adopting a security mechanism using a test-based whitelist for MFE Web applications. The proposed scheme achieves countermeasures against DOM Based XSS attacks for MFE Web applications while enhancing the reusability of existing microservices.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1803","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1786","bibliographicIssueDates":{"bibliographicIssueDate":"2022-12-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"63"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00222732","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"},"id":222841,"updated":"2025-01-19T13:32:56.286659+00:00","links":{},"created":"2025-01-19T01:22:46.645568+00:00"}