摘要
自助终端机作为政务服务的新工具得到广泛应用,其存在的安全问题往往被人们忽视。对政务自助终端机的现状进行分析,以“最多跑一次”政务服务终端机为例,阐述了系统运行架构,从物理安全、沙箱逃逸、中间人攻击、源代码泄露4个方面进行分析,以渗透攻击实验总结加固及防范措施,为政务自助终端服务提供安全参考。
As a new tool of government service,self-service terminal is widely used,but its security problems are often ignored.This paper analyzes the current situation of the government self-service terminal,taking the“run once at most”government service terminal as an example,expounds the system operation architecture,analyzes the four aspects of physical security,sandbox escape,middle man attack and source code leakage,summarizes the reinforcement and preventive measures with the penetration attack experience,and provides the security reference for the government self-service terminal.
作者
冯鹏钰
叶翔
FENG Pengyu;YE Xiang(China Cable Information Network Co., Ltd, Shaoxing 312000,China;Wasu Digital TV Media Group Co., Ltd, Hangzhou 310000,China)
出处
《中国有线电视》
2020年第7期797-799,共3页
China Digital Cable TV
关键词
自助终端机
沙箱逃逸
安全加固
零信任网络
self-service terminal
sandbox escape
safety reinforcement
zero trust network
