Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (21): 135-137.DOI: 10.3778/j.issn.1002-8331.2010.21.038

• 网络、通信、安全 • Previous Articles     Next Articles

Mechanism and prevention of cross-domain Web page malicious code

LI Zhi-yong1,XUE Liang2,TAO Ran1,ZHANG Hao1   

  1. 1.School of Information Technology,Beijing Institute of Technology,Beijing 100081,China
    2.Navy Academy of Armament,Beijing 100161,China
  • Received:2009-04-02 Revised:2009-05-18 Online:2010-07-21 Published:2010-07-21
  • Contact: LI Zhi-yong

跨安全域网页恶意代码运行机理与防范

李志勇1,薛 亮2,陶 然1,张 昊1   

  1. 1.北京理工大学 信息科学技术学院,北京 100081
    2.海军装备研究院,北京 100161
  • 通讯作者: 李志勇

Abstract: The Web page malicious code is a main way for the trojan to spread.Many trojan programs can be made as Web page malicious code to spread and do harm to users.The operation mechanism of Web page malicious code is analysed.The method that Web malicious code crosses the security domain is discussed.The reasons of cross-domain vulnerability are analysed.Then methods are given to prevent the cross-domain Web page malicious code in the developer’s view,in order to provide a safe network environment for Internet users.

Key words: Web page malicious code, security domain, cross-domain vulnerability

摘要: 网页恶意代码是木马用来传播的主要方式之一,各种有危害性的木马都可以做成网页恶意代码来传播危害用户,通过分析网页恶意代码的运行机理,对其中网页恶意代码实现跨安全域的方法进行深入探讨,分析跨域漏洞形成原因,从程序开发人员的角度给出跨域网页恶意代码的防范方法,为上网用户提供安全的网络环境。

关键词: 网页恶意代码, 安全域, 跨域漏洞

CLC Number: