博碩士論文 995202068 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:15 、訪客IP:3.80.218.53
姓名 張逸文(I-Wen Zhang)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ DEH:Dynamic Extensible Two-way Honeypot
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 ( 永不開放)
摘要(中) 自電腦進入網際網路時代,瀏覽器便已成為作業系統必備的應用程式之一。經過多年來的發展,瀏覽器不再只是一個提供使用者搜尋資料、收發電子郵件、休閒娛樂的工具,它甚至已經可比擬成一個小型的可攜式作業系統。透過瀏覽器,我們可以把資料儲存至網路空間,或從網頁下載檔案,因此,瀏覽器的安全性顯得日益重要。
為了防止惡意攻擊者蒐集瀏覽器儲存在電腦中的檔案,使用於不當用途,例如:藉由分析瀏覽器所儲存的快取資料、Cookie,分析使用者的瀏覽歷程及私密資訊,目前瀏覽器幾乎都有支援隱私瀏覽的功能。然而,在我們實際使用隱私瀏覽模式功能後,發現瀏覽器仍然會在電腦中留下瀏覽歷程產生的檔案,而當瀏覽器關閉時,這些檔案並沒有被移除。另外,使用者下載的檔案也儲存於硬碟中,這對於使用者的隱私安全無疑是莫大隱憂。
本論文即是針對瀏覽器在私密瀏覽的前提之下,從作業系統核心監控瀏覽器建立、讀寫、刪除檔案的行為,記錄使用者有意或無意經由瀏覽器下載的檔案,在瀏覽器關閉的同時,刪除因為使用瀏覽器而創建的檔案。另外,我們也比較了三個目前熱門的瀏覽器之私密瀏覽模式,提供關於隱私瀏覽安全性的研究資料,最後,期望藉由安裝我們設計的機制,提供使用者一個更安全的隱私瀏覽環境。
摘要(英) Recently, due to the advanced technology developed on the Internet, the Web browser has become one of the essential applications. A Web browser is not only used to surf on the internet, but also plays an important role as a portable operating system. For example, many users edit documents via an on-line editor and store the documents in an on-line storage. All those tasks are done with the help of a Web browser. This results in a large number of attacks on Web browsers. Therefore, the security of Web browsers has become a more and more important issue in recent years.
Through attacking Web browsers, the attackers may get our private information such as surfing habits and passwords. This is because that Web browsers always leave cookies, browsing history, and caches on the computer. To avoid malicious attacks, many Web browsers have developed the mechanism of private browsing mode. In the private browsing mode, a user’s behavior is not traced and his private information is not left either. However, the mechanism still creates files such as bookmarks. Most important of all, the files downloaded through a Web browser are saved on the disk unless the user deletes them himself. This is really a serious threat to the private security of Web users.
We design a mechanism on Windows XP to observe the behavior of creating and deleting files of Firefox in private browsing mode. Then we focus on the files which are not removed, and clear them by our mechanism. We hope that via our mechanism, the Web browsers can provide a comprehensively secure environment.
關鍵字(中) ★ 網路安全
★ 隱私瀏覽
關鍵字(英) ★ private browsing
★ Web security
論文目次 摘要 iii
Abstract iv
Acknowledgements v
Table of Content vii
List of Figures ix
List of Tables x
1 Introduction 1
1.1 Motivation 1
1.2 Solution 2
1.3 Contributions 3
1.4 organization 3
2 Background knowledge 4
2.1 Private browsing mode 4
2.2 Windows API 6
2.3 ZwXxx Routines and NtXxx Routines 9
3 Related Work 11
3.1 Defense of Web attack 11
3.2 Local attack 13
3.3 Web privacy analysis 13
4 System Design 14
4.1 System Overview 14
4.2 Windows API Interception 16
4.2.1 IAT Function Hook 16
4.2.2 Inline Hook 17
4.2.3 SSDT Hook 18
4.3 Subcomponent: Filter 22
4.4 Subcomponent: FileStorage 24
4.5 Subcomponent: ExeStorage 25
4.6 Subcomponent: Eliminator 26
4.7 Privacy Media 27
4.8 System Workflow 29
4.9 Implementation Environment 31
5 Evaluation 32
5.1 What did Firefox modify in private browsing mode? 32
5.2 Comparison of private browsing mode in modern Web browsers 33
5.3 Performance Evaluation 36
5.3.1 Experiment 1: CPU usage 36
5.3.2 Experiment 2: Memory usage 38
6 Conclusion 40
7 References 41
參考文獻 [1] IBM. (2011). 2011 Mid-year Trend and Risk Report. http://www-935.ibm.com/services/us/iss/xforce/trendreports/
[2] E. W. Felten, and M. A. Schneider, "Timing attacks on web privacy," ACM Conference on Computer and Communications Security, issue pp. 25-32, 2000.
[3] StatCounter. (2011). Top 5 Browsers. http://gs.statcounter.com/
[4] Microsoft. What is InPrivate Browsing? http://windows.microsoft.com/en-us/windows-vista/what-is-inprivate-browsing
[5] Google Chrome. Incognito mode. http://support.google.com/chrome/bin/answer.py?hl=zh-Hant&answer=95464
[6] Mozilla Firefox. Private Browsing - Browse the web without saving information about the sites you visit. http://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info
[7] Qualys Security Labs. MS11-077: From Patch to Proof-of-Concept. https://community.qualys.com/blogs/securitylabs/tags/win32k.sys
[8] Microsoft. Using Nt and Zw Versions of the Native System Services Routines. http://msdn.microsoft.com/en-us/library/windows/hardware/ff565438(v=vs.85).aspx
[9] Umesh Shankar, and Chris Karlof, "Doppelganger: Better browser privacy without the bother," in Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, 2006.
[10] Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman, "Protecting Browsers from Extension Vulnerabilities," in Proceedings of the 17th Network and Distributed System Security Symposium (NDSS), 2010.
[11] Felipe Saint-Jean, Aaron Johnson, Dan Boneh, and Joan Feigenbaum, "Private web search," in Proceedings of the 2007 ACM workshop on Privacy in electronic society, Alexandria, Virginia, USA, 2007.
[12] TotalRecal on Firefox. https://addons.mozilla.org/en-US/firefox/addon/totalrecall/
[13] Torbutton 1.4.1. https://blog.torproject.org/blog/torbutton-141-released
[14] Wang Jiang, Huang Yih, and A. Ghosh, "SafeFox: A Safe Lightweight Virtual Browsing Environment," in System Sciences (HICSS), 2010 43rd Hawaii International Conference on, 5-8 Jan. 2010,2010.
[15] Li Dongsheng, Lv Qin, Xia Huanhuan, Shang Li, Lu Tun, and Gu Ning, "Pistis: A Privacy-Preserving Content Recommender System for Online Social Communities,"
in Web Intelligence and Intelligent Agent Technology (WI-IAT), 2011 IEEE/WIC/ACM International Conference on, 22-27 Aug. 2011,2011.
[16] Pereira, and Murilo Tito, "Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records," Digital Investigation, vol. 5,issue 3-4, pp. 93-103, 2009.
[17] Suman Jana, and Vitaly Shmatikov, "Memento: Learning Secrets from Process Footprints," in Security and Privacy (SP), 2012 IEEE Symposium on, 20-23 May,2012.
[18] Gaurav Aggarwal, Elie Bursztein, Collin Jackson, and Dan Boneh, "An analysis of private browsing modes in modern browsers," in Proceedings of the 19th USENIX conference on Security, Washington, DC, 2010.
[19] Understanding the Import Address Table. http://sandsprite.com/CodeStuff/Understanding_imports.html
[20] Microsoft. Download and Install Debugging Tools for Windows. http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
[21] Microsoft. NtCreateFile routine http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx
[22] Microsoft. NtCreateFile function. http://msdn.microsoft.com/en-us/library/bb432380(v=vs.85).aspx
[23] 11.6.1 Zone.Identifier Stream Name. http://msdn.microsoft.com/en-us/library/ff469212%28PROT.10%29.aspx
[24] 強制刪除文件. http://blog.csdn.net/beijixing2003/article/details/2535069
[25] Microsoft. Detours. http://research.microsoft.com/en-us/projects/detours/
[26] The top 500 sites on the web. http://www.alexa.com/topsites
[27] w3shools.com. HTML5 Web Storage. http://www.w3schools.com/html5/html5_webstorage.asp
[28] Alexa. Top Sites. http://www.alexa.com/topsites[1] IBM. (2011). 2011 Mid-year Trend and Risk Report. http://www-935.ibm.com/services/us/iss/xforce/trendreports/
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2012-7-24
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明