ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (10): 2163-2172. doi: 10.7544/issn1000-1239.2016.20160686

Special topic: 2016 Special Topic on Research Progress in Cyberspace Sharing Security

• Information Security •

Survey of HTML5 New Features Security

Zhang Yuqing1,2, Jia Yan1, Lei Kenan1, Lü Shaoqing3, Yue Hongzhou1

  1. State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071
  2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408
  3. Shaanxi Key Laboratory of Information Communication Network and Security (Xi’an University of Posts and Telecommunications), Xi’an 710121
  (zhangyq@nipc.org.cn)
  • Published: 2016-10-01
  • Online: 2016-10-01
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61272481, 61572460), the National Information Security Special Projects of National Development and Reform Commission of China [(2012)1424], the National Key Research and Development Project (2016YFB0800703), China 111 Project (B16037), and the Research Fund of Ministry of Education-China Mobile (MCM20130431).

Abstract: HTML5 is the latest standard for building Web applications. It introduces many new features that give browsers rich functionality, but these features also bring new security issues. HTML5 security problems are in effect made up of the security problems of the individual new features. Grouping the features by function, we analyze, summarize and discuss in detail the security of new tags and forms, communication, offline applications and storage, multimedia, performance and presentation, and device access, pointing out the security problems they contain and possible prevention methods. We then summarize existing research in China and abroad and classify HTML5 security problems into three categories: extension of traditional threats, malicious use, and improper use, to provide ideas for further study. Finally, we point out four valuable directions for future HTML5 security research: the security of new features, detection of malicious use, cross-platform security, and new forms of security applications.

Key words: Web security, HTML5, literature review, postMessage, WebSocket, AppCache, WebStorage

CLC number: