Table of Contents

[1] YE Zhipeng, HE Chengwan*, ZHANG Zhengfeng. Secure Session Management of Web-Based Application Using Aspect-Oriented Programming [J]. Journal of Wuhan Institute of Technology, 2018, 40(05): 565-568. [doi:10.3969/j.issn.1674-2869.2018.05.017]

Secure Session Management of Web-Based Application Using Aspect-Oriented Programming

Journal of Wuhan Institute of Technology [ISSN: 1674-2869 / CN: 42-1779/TQ]

Volume:
40
Issue:
2018, No. 05
Pages:
565-568
Column:
Electromechanical and Information Engineering
Publication date:
2018-12-27

Article Info

Title:
Secure Session Management of Web-Based Application Using Aspect-Oriented Programming
Article number:
20180517
Author(s):
YE Zhipeng, HE Chengwan*, ZHANG Zhengfeng
School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan 430205, Hubei, China
Keywords:
application programming interface; aspect-oriented programming; session fixation; broken authentication and session management
CLC number:
TP393.08
DOI:
10.3969/j.issn.1674-2869.2018.05.017
Document code:
A
Abstract:
To reduce the risk of legitimate users' identities being stolen in web applications, and to improve the confidentiality and integrity of the application system, a method of secure session management based on aspect-oriented programming (AOP) is proposed. The method associates the remote IP address with the session identifier (SessionID) and verifies a legitimate user's identity by analysing the correlation between access requests, which addresses the broken authentication and session management problems common in web applications. The application programming interface (API) encapsulated by an Aspect has good extensibility; after weaving, the web application can effectively improve the security and reliability of its own session management mechanism without modifying the original business logic code, protecting user data from unauthorized access.
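The IP-to-SessionID binding the abstract describes, written here as an added Python example rather than the paper's own code (the paper's API and its Aspect are not reproduced): a server-side session table records the client address when a session is issued, and a decorator plays the role of the woven aspect's advice, checking each request's SessionID against the recorded address before the business handler runs and discarding the session on mismatch. The `Request` and `Session` classes, the `SESSIONID` cookie name and the sample addresses are all constructed for this example.

```python
"""Illustration of binding a SessionID to the client's remote IP and checking the
binding on every request, in the style of the AOP approach described above.
Added example, not the paper's code; all names and sample values are constructed."""
import hmac
import secrets
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Dict, Optional


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    remote_addr: str
    cookies: Dict[str, str] = field(default_factory=dict)


@dataclass
class Session:
    session_id: str
    bound_ip: str   # remote address recorded when the session was issued
    user: str


class SessionStore:
    """Server-side session table: SessionID -> (bound IP, authenticated user)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, remote_ip: str) -> Session:
        # A fresh, unpredictable identifier is issued and the client IP is
        # recorded alongside it; this pair is what later requests are checked against.
        sess = Session(secrets.token_urlsafe(32), remote_ip, user)
        self._sessions[sess.session_id] = sess
        return sess

    def get(self, sid: Optional[str]) -> Optional[Session]:
        return self._sessions.get(sid) if sid else None

    def invalidate(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def session_guard(store: SessionStore) -> Callable:
    """Cross-cutting check run before the handler (the role an aspect's advice
    plays after weaving): the presented SessionID must exist and its recorded IP
    must equal the request's remote IP; otherwise the session is dropped."""
    def decorator(handler: Callable) -> Callable:
        @wraps(handler)
        def wrapper(req: Request, *args, **kwargs):
            sid = req.cookies.get("SESSIONID")
            sess = store.get(sid)
            if sess is None:
                return 401, "no valid session"
            if not hmac.compare_digest(sess.bound_ip, req.remote_addr):
                # Request/SessionID correlation failed: the identifier is being
                # presented from a different client, so it is invalidated and
                # cannot be reused from either address.
                store.invalidate(sid)
                return 401, "session/client mismatch; session invalidated"
            return handler(req, sess, *args, **kwargs)
        return wrapper
    return decorator


STORE = SessionStore()


def login(req: Request, user: str) -> str:
    """Issue a session bound to the caller's IP; returns the value the server
    would set in the SESSIONID cookie (authentication itself is out of scope)."""
    return STORE.create(user, req.remote_addr).session_id


@session_guard(STORE)
def view_profile(req: Request, sess: Session):
    """Business handler; it never sees a request whose binding check failed."""
    return 200, f"profile of {sess.user}"


def run_demo():
    """Same SessionID presented from the issuing address, then from another
    address, then from the issuing address again. Returns the three status codes."""
    sid = login(Request("10.0.0.5"), "alice")
    same_client = view_profile(Request("10.0.0.5", {"SESSIONID": sid}))
    other_client = view_profile(Request("203.0.113.7", {"SESSIONID": sid}))
    after_mismatch = view_profile(Request("10.0.0.5", {"SESSIONID": sid}))
    return same_client[0], other_client[0], after_mismatch[0]


if __name__ == "__main__":
    print(run_demo())  # (200, 401, 401)
```

The decorator is the lightweight Python counterpart of a pointcut plus before-advice; an AOP framework would attach the same check to every handler from outside without touching their declarations. Two deployment caveats follow from the design: behind a reverse proxy or load balancer the address the application sees is the proxy's, so the check must use the real client address the proxy forwards, and clients on mobile or NAT networks can legitimately change address mid-session, so a strict mismatch policy ends those sessions early.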


Similar Articles:

[1] ZHANG Jin, HE Chengwan, SHI You. AOP Contracts Definition and Its Conversion to JML Contracts [J]. Journal of Wuhan Institute of Technology, 2020, 42(05): 456. [doi:10.19843/j.cnki.CN42-1779/TQ.201912025]

Memo:
Received: 2018-05-27. Author biography: YE Zhipeng, master's student. E-mail: 412134033@qq.com. *Corresponding author: HE Chengwan, PhD, professor. E-mail: hechengwan@hotmail.com. Citation format: YE Zhipeng, HE Chengwan, ZHANG Zhengfeng. Secure Session Management of Web-Based Application Using Aspect-Oriented Programming [J]. Journal of Wuhan Institute of Technology, 2018, 40(5): 565-568.
Last Update: 2018-10-23