Sciweavers

ESORICS
2005
Springer

Browser Model for Security Analysis of Browser-Based Protocols

13 years 9 months ago
Browser Model for Security Analysis of Browser-Based Protocols
Currently, many industrial initiatives focus on web-based applications. In this context an important requirement is that the user should only rely on a standard web browser. Hence the underlying security services also rely solely on a browser for interaction with the user. Browser-based identity federation is a prominent example of such a protocol. Unfortunately, very little is still known about the security of browser-based protocols, and they seem at least as error-prone as standard security protocols. In particular, standard web browsers have limited cryptographic capabilities and thus new protocols are used. Furthermore, these protocols require certain care by the user in person, which must be modeled. In addition, browsers, unlike normal protocol principals, cannot be assumed to do nothing but execute the given security protocol. In this paper, we lay the theoretical basis for the rigorous analysis and security proofs of browserbased security protocols. We formally model web brow...
Thomas Groß, Birgit Pfitzmann, Ahmad-Reza Sa
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005
Where ESORICS
Authors Thomas Groß, Birgit Pfitzmann, Ahmad-Reza Sadeghi
Comments (0)