| OpenSSL Heartbleed漏洞攻击原理及防范方法研究 |
| |
| 引用本文: | 安思华,;易平,;王春新,;李朝峰.OpenSSL Heartbleed漏洞攻击原理及防范方法研究[J].通信技术,2014(7):795-799. |
| |
| 作者姓名: | 安思华 ;易平 ;王春新 ;李朝峰 |
| |
| 作者单位: | [1]上海交通大学电子信息与电气工程学院,上海200210; [2]北京国电通网络技术有限公司,北京100070 |
| |
| 基金项目: | 国家自然科学基金(No.61170164) |
| |
| 摘 要: | OpenSSL是一套开放源代码的安全套接字层密码库,以C语言所写成,实现了基本的传输层数据加密功能。OpenSSL被广泛应用于各大网银、在线支付、电商网站、门户网站、电子邮件等领域,因此它的安全可靠性非常重要。OpenSSL的漏洞可能引发很大的网络灾难,因此非常有必要对它的安全漏洞进行研究。介绍了最新发现的基于OpenSSL的Heartbleed漏洞攻击原理与防范方法。首先介绍了OpenSSL概念,然后分析了Heartbleed攻击原理,最后介绍了修补Heartbleed攻击漏洞的方法。
|
| 关 键 词: | OpenSSL Heartbleed 漏洞攻击原理 防范方法 |
Study on OpenSSL Heartbleed Attack Principle and Defense Method |
| |
| Affiliation: | AN Si-hua, YI Ping, WANG Xin-chun , LI Chao-feng ( 1. School of Electronic Information and Electrical Engineering, Shanghai 200210, China; 2. Beijing Guodiantong Network Technology Co. LTD, Beijing 100070, China) |
| |
| Abstract: | OpenSSL is an open source code library of secure sockets layer. It is accomplished with C. It achieves the basic function of transport layer data encryption. OpenSSL is widely used in major online banking,online payment,electricity supplier sites,portal website,email,and other fields. So OpenSSL 's safety and reliability are very import. Since OpenSSL's vulnerabilities may lead to a large network disaster,it is necessary to study its vulnerability. The article introduces the newly discovered loophole named OpenSSL Heartbleed,analyzes the attack principle and introduces some methods to defense this attack.First it proposes the concept of OpenSSL,then analyzes the attack principle of Heartbleed,at last introduces some methods to prevention this attack. |
| |
| Keywords: | OpenSSL Heartbleed principle of the attack defense methods |
| 本文献已被 维普 等数据库收录! |
|
