The Road to Trusted Front-End - Code Protection

0x00 Foreword

In the field of information security, a trusted system is an exciting goal: a system that achieves a certain degree of trust by enforcing specific security policies.

In computers, the Trusted Platform Module (TPM) has already been put into use. It is a security chip that conforms to the TPM specification formulated by the Trusted Computing Group (TCG) and is designed to achieve the goal of a trusted system. As the root of trust of a trusted system, the TPM is the core module of trusted computing and provides a strong guarantee for computer security.







In a web system, building a trusted system looks like a false proposition, since "never trust the client's input" is a basic security principle. In fact, "trusted" in a trusted system does not mean absolutely secure. The wiki explains it as: "trusted" does not necessarily mean "trustworthy" to the user. Rather, it means that the system's behavior can be relied on to follow its design more fully, with a low probability of performing behavior prohibited by its designers and software writers.



From this perspective, we regard it as a beautiful vision. We hope to construct a TPM in a web system that keeps malicious behavior within a certain probability, so as to achieve a relatively trusted web system.



0x01 Trusted Front End

In a trusted system, an important role of the TPM is to verify the authenticity of the message source and ensure that the terminal can be trusted. In a web system, our source of information is the user. With the rapid growth of abuse industries such as credential stuffing, malicious registration, and promotion abuse ("fleecing"), in more and more scenarios we need to identify whether the requested data comes from real users and to protect the data security of real users.



Therefore, if you want to construct a TPM in a web system, the first problem is to ensure the security of input data and create a relatively trusted front-end environment. However, because the web is open by nature, the front end is the front line of data collection and its JS code is always exposed. Under these conditions it becomes very difficult to prevent maliciously forged requests, and a trusted front end starts to sound like empty talk.



Through repeated confrontations, the importance of code protection, that is, JS code obfuscation in the usual sense, has gradually emerged. Today I want to talk to you about JS obfuscation.