
CSFW
2010
IEEE

Towards a Formal Foundation of Web Security

We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample web mechanisms and applications. We identify three distinct threat models that can be used to analyze web applications, ranging from a web attacker who controls malicious web sites and clients, to stronger attackers who can control the network and/or leverage sites designed to display user-supplied content. We propose two broadly applicable security goals and study five security mechanisms. In our case studies, which include HTML5 forms, Referer validation, and a single sign-on solution, we use a SAT-based model-checking tool to find two previously known vulnerabilities and three new vulnerabilities. Our case study of a Kerberos-based single sign-on system illustrates the differences between a secure network protocol using custom client software and a similar but vulnerable web protocol that uses cookies, redirects, and embedded links instead.
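One of the five mechanisms the abstract names is Referer validation, used as a cross-site request forgery defence. The following is an added illustration (not code from the paper or its authors) of the two policies a server can adopt for that header: strict (reject requests with no Referer) and lenient (accept them, to tolerate browsers and proxies that strip the header). The site origin, function names and the constructed requests are assumptions for the example; which of the paper's reported vulnerabilities, if any, concerns this mechanism is stated only in the paper itself. What the example shows is the reasoning step such a model has to capture: under the web-attacker threat model, an attacker page can cause the browser to omit the Referer, so a lenient policy accepts the forged request while a strict one does not.

```javascript
// Added example: Referer validation as a CSRF defence, strict vs lenient.
// Not the paper's code. SITE_ORIGIN and the request fixtures are constructed.
const SITE_ORIGIN = "https://bank.example"; // assumed protected site

// Parse the Referer into a scheme+host+port origin; null if unusable.
function refererOrigin(referer) {
  try {
    const u = new URL(referer);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.origin; // normalises default ports, drops path and query
  } catch {
    return null; // malformed header: never trust it
  }
}

// headers: object with lower-cased header names (as Node's http module gives).
// mode: "strict" rejects a missing Referer, "lenient" accepts it.
function validateReferer(headers, siteOrigin, mode) {
  const referer = headers["referer"];
  if (referer === undefined || referer === "") {
    // The only difference between the two policies is this branch.
    return mode === "lenient";
  }
  const origin = refererOrigin(referer);
  return origin !== null && origin === siteOrigin;
}

// Constructed requests, as a server would see them after the browser sent them.
const REQUESTS = {
  // Honest user submitting a form from the site's own page.
  sameSite: { referer: "https://bank.example/account" },
  // Attacker page submitting a forged form; browser sends the attacker's Referer.
  crossSiteReferer: { referer: "https://attacker.example/csrf.html" },
  // Attacker page that suppresses the Referer, e.g. via
  // <meta name="referrer" content="no-referrer">; server sees no header at all.
  crossSiteNoReferer: {},
  // Look-alike host: shares a prefix with the site but is a different origin.
  lookAlike: { referer: "https://bank.example.attacker.example/" },
};

// Evaluate every constructed request under one policy.
function decisions(mode) {
  const out = {};
  for (const [name, headers] of Object.entries(REQUESTS)) {
    out[name] = validateReferer(headers, SITE_ORIGIN, mode);
  }
  return out;
}

// Side-by-side view of the forged request whose Referer was suppressed:
// accepted under lenient validation, rejected under strict validation.
function compareModes() {
  return {
    strict: validateReferer(REQUESTS.crossSiteNoReferer, SITE_ORIGIN, "strict"),
    lenient: validateReferer(REQUESTS.crossSiteNoReferer, SITE_ORIGIN, "lenient"),
  };
}

console.log("strict:", decisions("strict"));
console.log("lenient:", decisions("lenient"));
console.log("suppressed-Referer request accepted?", compareModes());
```

The strict policy closes the suppressed-Referer gap but rejects legitimate users whose browsers or proxies strip the header, which is exactly the trade-off that makes the mechanism worth modelling formally rather than arguing about informally. Comparing on `URL.origin` rather than on a string prefix is what keeps the look-alike host out.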
Type Conference
Year 2010
Where CSFW
Authors Devdatta Akhawe, Adam Barth, Peifung E. Lam, John C. Mitchell, Dawn Song