计算机工程与应用 ›› 2013, Vol. 49 ›› Issue (14): 92-97.

• 网络、通信、安全 • 上一篇    下一篇

基于环结构技术的Web防篡改系统研究

段国云1,陈  浩2   

  1. 1.湖南科技学院 网络中心,湖南 永州 425100
    2.湖南大学 信息科学与工程学院,长沙 410082
  • 出版日期:2013-07-15 发布日期:2013-07-31

Web tamper-proofing system based on ring structure

DUAN Guoyun1, CHEN Hao2   

  1. 1.Network Center, Hunan University of Science and Engineering, Yongzhou, Hunan 425100, China
    2.School of Information Science and Engineering, Hunan University, Changsha 410082, China
  • Online:2013-07-15 Published:2013-07-31

摘要: 传统的Web防篡改系统安装于受保护服务器中,无自身安全保护措施。为减少网站页面被篡改,确保Web页面的完整性和防篡改系统自身的安全,借鉴令牌环工作原理,在已有防篡改技术的基础上提出环形网页防篡改模型,模型中引入了三线程和轮询环双重保护技术,解决了防篡改系统自身的安全问题。详细描述了系统的设计方法、工作机制及实现过程。实验证明,该系统能有效自御,在网站安全性得到保障的同时不影响服务器的工作效率。

关键词: 环形结构, 防篡改, 数字指纹, Web安全

Abstract: Traditional Web tamper-proofing systems are typically mounted in the protected server, without safety protection. In order to decrease the possibility of Web pages being tampered and to ensure the integrity of Web pages and the safety of the tamper-proofing system itself, this study, based on token-ring techniques, addresses the safety problem by proposing a ring-like tamper-proofing model in which novel defensive techniques like three-thread and polling loop are introduced. This paper describes in detail the design, implementation and evaluation of the system. The evaluations show the effectiveness of the system in terms of performance and security guarantees.

Key words: ring structure, tamper-proofing, digital fingerprint, Web security