{"created":"2025-01-19T01:27:50.003752+00:00","updated":"2025-01-19T11:45:37.514097+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00228692","sets":["6164:6165:6462:11379"]},"path":["11379"],"owner":"44499","recid":"228692","title":["String Constraint Solving によるDOM-based XSS検出に向けて"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-10-23"},"_buckets":{"deposit":"ceba2f5e-e468-4122-b3c9-81eebd450ac6"},"_deposit":{"id":"228692","pid":{"type":"depid","value":"228692","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"String Constraint Solving によるDOM-based XSS検出に向けて","author_link":["613274","613273","613275","613276"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"String Constraint Solving によるDOM-based XSS検出に向けて"},{"subitem_title":"Toward DOM-based XSS Detection via String Constraint Solving","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"DOM-based XSS, String Constraint Solving, TAJS, JavaScript","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2023-10-23","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTTソフトウェアイノベーションセンタ"},{"subitem_text_value":"NTT社会情報研究所"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Software Innovation Center","subitem_text_language":"en"},{"subitem_text_value":"NTT Social Informatics Laboratories","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/228692/files/IPSJ-CSS2023079.pdf","label":"IPSJ-CSS2023079.pdf"},"date":[{"dateType":"Available","dateValue":"2025-10-23"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2023079.pdf","filesize":[{"value":"424.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"a9dfad1a-e1f1-4a56-976e-22b4a1c76187","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山口, 大輔"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"千田, 忠賢"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Daisuke, Yamaguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Nariyoshi, Chida","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"String constraint solving (SCS)は文字列を処理するプログラムやサニタイザの自動検証ができることから，クロスサイトスクリプティング(XSS)やSQLインジェクションなどのインジェクション脆弱性検出への応用が研究されている．しかし，それらの研究はサーバ側で実行されるプログラムの脆弱性を検出対象としており，DOM-based XSSのようなクライアント側で実行されるJavaScriptプログラムの脆弱性検出への応用は十分に研究されていない．本研究では，SCSによるDOM-based XSSの脆弱性検出を試みる．我々はJavaScriptプログラムに対してSCSを行う手法を提案し，JavaScriptの静的解析フレームワークの一つであるTAJS上に実装した．DOM-based XSSの脆弱性を含む実世界のプログラムを対象とした実験評価を行いその結果を報告する．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"String constraint solving (SCS) has been studied for its application in detecting injection vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection due to its ability to automatically verify sanitizers and programs that process strings. These studies however have focused on detecting vulnerabilities in server-side programs, and there has not been sufficient research on applying it to detect vulnerabilities in JavaScript programs that run on the client side, such as DOM-based XSS. In this paper, we attempt to detect DOM-based XSS vulnerabilities using SCS. We propose a methodology to perform SCS on JavaScript programs and implement it on TAJS, one of the static analysis frameworks for JavaScript. We conduct experimental evaluations on real-world programs containing DOM-based XSS vulnerabilities and report findings.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"582","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2023論文集"}],"bibliographicPageStart":"575","bibliographicIssueDates":{"bibliographicIssueDate":"2023-10-23","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":228692,"links":{}}