利用脚本封装抵御跨站脚本攻击

跨站脚本攻击是一类脚本注入攻击,当发生这类攻击时,浏览器所运行的脚本被分作两类:来自应用程序模板的良性脚本和来自其他途径的可疑脚本.文章提出基于脚本封装的抵御跨站脚本攻击的方法ScriptE,该方法采用额外的HTML标签封装良性脚本,然后通过浏览器插件或网页自带的检测脚本,在客户端实现两类脚本的区分,进而抵御可能的跨站脚本攻击,实验验证了所设计的方法.     

基于分隔符的跨站脚本攻击防御方法

通过分析跨站脚本攻击的特性, 提出一种基于分隔符的跨站脚本攻击防御方法, 该方法适用于UTF-8编码的Web应用程序。首先, 仅对可信数据中的分隔符进行积极污点标记; 然后, 利用字符UTF-8编码值的转换轻量级完成污点标记, 该污点信息可随着字符串操作直接传播到结果页面; 最后, 根据结果页面中分隔符的污点信息及页面上下文分析, 检查脚本执行节点的合法性和脚本内容的可靠性, 精确地检测并防御跨站脚本攻击。针对PHP平台实现了原型系统XSSCleaner。实验证明, XSSCleaner可轻量级地完成污点分析, 并且能够对跨站脚本攻击进行精确防御, 页面生成的时间开销平均为12.9%。     

Web浏览器跨协议通信安全性研究

阐述了浏览器跨协议通信的安全性问题,这类通信是通过将一个目标协议封装进一个载体协议中来完成的.研究表明,在满足协议有足够的容错度和有方法将目标协议封装进载体协议两个前提下,完全独立的两个协议是可以互操作的,潜在的两个不同的协议能够进行命令和数据的通信.因此跨协议通信为攻击者利用载体协议实现对目标协议的攻击提供了新的可能性,主要安全问题诸如跨协议跨站脚本、跨协议特征探测、暴力攻击.     

XSS攻击与防范研究

本文主要分析跨站脚本攻击漏洞存在形式和攻击产成流程,并总结出XSS攻击的防范方法。     

网络应用软件的几个安全问题分析

SQL注入、跨站点脚本、跨站点追踪、会话叠置是存在于网络应用层的几个安全问题,它们的共同特点是“遵守”网络标准协议,攻击者通过制造的特定情况来实现攻击.为了避免这种攻击的发生,就必须在开发网络应用程序时,对协议在复杂情况下交互作用进行深入的分析.     

美国孟菲斯大学计算机科学系主任Dr.Sajjan Shiva到西北大学讲学

<正>2014年4月22日,美国孟菲斯大学计算机科学系主任Dr.Sajjan Shiva在西北大学作了一场题为"Application Security through Real Time Monitoring(实时监控下的应用程序安全)"的学术报告,80余名师生代表聆听报告。Dr.Sajjan Shiva在报告中指出,随着网银、网购的不断发展,用户的敏感数据存储变得更为重要,且更容易被攻击,例如SQL注入攻击、跨站脚本攻击、跨站点的请求伪造、路径遍历攻击等。尽管研究者     

基于反过滤规则集和自动爬虫的XSS漏洞深度挖掘技术

为解决Web网站跨站脚本攻击(XSS)问题,通过对XSS漏洞特征及过滤方式的分析,提出了通过反过滤规则集转换XSS代码并用自动爬虫程序实现漏洞代码的自动注入和可用性检验的XSS漏洞挖掘技术,依此方法可以获取XSS漏洞代码的转换形式及漏洞的注入入口,以实现对Web跨站漏洞深度挖掘.提出的XSS漏洞挖掘技术在邮箱XSS漏洞挖掘及Web网站XSS漏洞检测方面的实际应用验证了该技术的有效性.     

基于Servlet/JSP的WEB安全控制

由于网络开放性、程序缺陷和黑客的攻击,基于Servlet/JSP技术的Java Web应用面临安全控制的重大挑战。针对系统部署,提出了通过声明方式在web.xml文件中指定安全处理机制,为Web资源设置安全约束,指定Web资源访问权限;从程序语言本身,分析了如何对跨站脚本攻击和注入缺陷等安全隐患进行最大程序的防范,根据各种攻击方式的原理及其攻击过程,进行了更细粒度的安全控制。     

一种Web输入验证的鱼骨刺测试模型

文章在分析Web缓冲区溢出、跨站点脚本编写(XSS)、SQL 注入和规范化等4种输入攻击原理的基础上,提出一种输入验证的鱼骨刺测试模型.该模型根据每种攻击方式分门别类地设计测试方法和相应的测试用例,对Web各个交互文本框输入的数据进行全方位测试.同现有的方法相比,该模型对Web的测试更加全面,能有效防止多种Web攻击.     

WEB应用漏洞攻击及其防护

作为一种大众平台,WEB越来越多地承载了某学院各个部门的核心业务,也成为网络主要的攻击对象,使得网页浏览中面临各种威胁.WEB应用攻击是攻击者通过浏览器或攻击工具,在网页地址或其他输入区域(比如表单等),向WEB服务器发送特殊请求,从中发现WEB应用程序的可能漏洞,从而进一步操纵网站,查看、修改未授权的信息.本论述针对WEB应用漏洞攻击方面常见的脚本漏洞攻击XSS漏洞和SQL注入漏洞,通过分析两种漏洞的攻击方式和危害,尝试提出一整套应对WEB应用漏洞攻击的相应防范方案,以保证WEB应用中业务数据的安全性和保密性,提高网络系统的运行安全.     

Markedness and its Interpretation in Language Use

Language markedness is a common phenomenon in languages, and is reflected from hearing, vision and sense, i.e. the variation in the three aspects such as phonology, morphology and semantics. This paper focuses on the interpretation of markedness in language use following the three perspectives, i.e. pragmatic interpretation, psychological interpretation and cognitive interpretation, with an aim to define the function of markedness.     

Characterization of Ordovician carbonate reservoirs, southeastern Saskatchewan, Canada

The discovery of the prolific Ordovician Red River reservoirs in 1995 in southeastern Saskatchewan was the catalyst for extensive exploration activity which resulted in the discovery of more than 15 new Red River pools. The best yields of Red River production to date have been from dolomite reservoirs. Understanding the processes of dolomitization is, therefore, crucial for the prediction of the connectivity, spatial distribution and heterogeneity of dolomite reservoirs.The Red River reservoirs in the Midale area consist of 3～4 thin dolomitized zones, with a total thickness of about 20 m, which occur at the top of the Yeoman Formation. Two types of replacement dolomite were recognized in the Red River reservoir: dolomitized burrow infills and dolomitized host matrix. The spatial distribution of dolomite suggests that burrowing organisms played an important role in facilitating the fluid flow in the backfilled sediments. This resulted in penecontemporaneous dolomitization of burrow infills by normal seawater. The dolomite in the host matrix is interpreted as having occurred at shallow burial by evaporitic seawater during precipitation of Lake Almar anhydrite that immediately overlies the Yeoman Formation. However, the low δ18O values of dolomited burrow infills (-5.9‰～ -7.8‰, PDB) and matrix dolomites (-6.6‰～ -8.1‰, avg. -7.4‰ PDB) compared to the estimated values for the late Ordovician marine dolomite could be attributed to modification and alteration of dolomite at higher temperatures during deeper burial, which could also be responsible for its 87Sr/86Sr ratios (0.7084～0.7088) that are higher than suggested for the late Ordovician seawaters (0.7078～0.7080). The trace amounts of saddle dolomite cement in the Red River carbonates are probably related to "cannibalization" of earlier replacement dolomite during the chemical compaction.     

Features of Women's language

Language is a means of verbal communication. People use language to communicate with each other. In the society, no two speakers are exactly alike in the way of speaking. Some differences are due to age, gender, statue and personality. Above all, gender is one of the obvious reasons. The writer of this paper tries to describe the features of women＇s language from these perspectives： pronunciation, intonation, diction, subjects, grammar and discourse. From the discussion of the features of women＇s language, more attention should be paid to language use in social context. What＇s more, the linguistic phenomena in a speaking community can be understood more thoroughly.     

A computer generator for randomly layered structures

AcomputergeneratorforrandomlylayeredstructuresYUJia shun1,2,HEZhen hua2(1.TheInstituteofGeologicalandNuclearSciences,NewZealand;2.StateKeyLaboratoryofOilandGasReservoirGeologyandExploitation,ChengduUniversityofTechnology,China)Abstract:Analgorithmisintrod…     

低渗透非均质砂岩油藏启动压力梯度研究

理论推导与室内实验相结合,建立了低渗透非均质砂岩油藏启动压力梯度确定方法。首先借助油藏流场与电场相似的原理,推导了非均质砂岩油藏启动压力梯度计算公式。其次基于稳定流实验方法,建立了非均质砂岩油藏启动压力梯度测试方法。结果表明:低渗透非均质砂岩油藏的启动压力梯度确定遵循两个等效原则。平面非均质油藏的启动压力梯度等于各级渗透率段的启动压力梯度关于长度的加权平均;纵向非均质油藏的启动压力梯度等于各渗透率层的启动压力梯度关于渗透率与渗流面积乘积的加权平均。研究成果可用于有效指导低渗透非均质砂岩油藏的合理井距确定,促进该类油藏的高效开发。     

On Tragic Consciousness In The Works By Ernest Hemingway

As an American modern novelist who were famous in the literary world, Hemingway was not a person who always followed the trend but a sharp observer. At the same time, he was a tragedy maestro, he paid great attention on existence, fate and end-result. The dramatis personae's tragedy of his works was an extreme limit by all means tragedy on the meaning of fearless challenge that failed. The beauty of tragedy was not produced on the destruction of life, but now this kind of value was in the impact activity. They performed for the reader about the tragedy on challenging for the limit and the death.     

海南岛地体及其毗邻陆缘晚中生代—新生代古地磁研究和构造演化

本文叙述了对海南岛及其毗邻大陆边缘白垩纪到第四纪地层岩石进行古地磁研究的全部工作过程。通过分析岩石中剩余磁矢量的磁偏角及磁倾角的变化,提出海南岛白垩纪以来经历的构造演化模式如下:早期伴随顺时针旋转而向南迁移,后期伴随逆时针转动并向北运移。联系该地区及邻区的地质、地球物理资料,对海南岛上述的构造地体运动提出以下认识:北部湾内早期有一拉张作用,主要是该作用使湾内地壳显著伸长减薄,形成北部湾盆地。从而导致了海南岛的早期构造运动,而海南岛后期的构造运动则主要是受南海海底扩张的影响。海南地体运动规律的阐明对于了解北部湾油气盆地的形成演化有重要的理论和实际意义。     

An Index mechanism for multi-scale view in spatial databases

There are numerous geometric objects stored in the spatial databases. An importance function in a spatial database is that users can browse the geometric objects as a map efficiently. Thus the spatial database should display the geometric objects users concern about swiftly onto the display window. This process includes two operations:retrieve data from database and then draw them onto screen. Accordingly, to improve the efficiency, we should try to reduce time of both retrieving object and displaying them. The former can be achieved with the aid of spatial index such as R-tree, the latter require to simplify the objects. Simplification means that objects are shown with sufficient but not with unnecessary detail which depend on the scale of browse. So the major problem is how to retrieve data at different detail level efficiently. This paper introduces the implementation of a multi-scale index in the spatial database SISP (Spatial Information Shared Platform) which is generalized from R-tree. The difference between the generalization and the R-tree lies on two facets: One is that every node and geometric object in the generalization is assigned with a importance value which denote the importance of them, and every vertex in the objects are assigned with a importance value,too. The importance value can be use to decide which data should be retrieve from disk in a query. The other difference is that geometric objects in the generalization are divided into one or more sub-blocks, and vertexes are total ordered by their importance value. With the help of the generalized R-tree, one can easily retrieve data at different detail levels.Some experiments are performed on real-life data to evaluate the performance of solutions that separately use normal spatial index and multi-scale spatial index. The results show that the solution using multi-scale index in SISP is satisfying.     

《Chinese Science Bulletin》SUBJECT INDEX TO VOLUME 59(2014)

正~~     

Achieving Unusual States of Matter Under High Pressure

The elongation method,originally proposed by Imamura was further developed for many years in our group.As a method towards O(N)with high efficiency and high accuracy for any dimensional systems.This treatment designed for one-dimensional(ID)polymers is now available for three-dimensional(3D)systems,but geometry optimization is now possible only for 1D-systems.As an approach toward post-Hartree-Fock,it was also extended to