SPECTRE: A Tool for Inferring, Specifying and Enforcing Web-Security Policies
Authors
Abstract
Implementing web-applications securely is a laborious and error-prone task; as a result a large number of (professionally designed) websites suffer from serious application-level security vulnerabilities. In this paper we describe SPECTRE, a tool which helps to secure dynamic web-applications. As well as aiding in the development process of new applications SPECTRE can also be used to fix vulnerabilities in existing web-based components, even when the source of these components is not available.
Similar sources
Protecting Private Web Content from Embedded Scripts
Many web pages display personal information provided by users. The goal of this work is to protect that content from untrusted scripts that are embedded in host pages. We present a browser modification that provides fine-grained control over what parts of a document are visible to different scripts, and executes untrusted scripts in isolated environments where private information is not accessi...
How I Learned to Stop Worrying and Love Plugins
This position paper argues that browsers should be responsible for specifying and enforcing security policies for browser plugins. By enabling the browser to make security decisions on behalf of the plugin, browsers can significantly reduce the impact of plugin vulnerabilities and eliminate much of the risk posed by today’s plugin exploits. We propose policies for document access, persistent st...
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
A Cloud-based Resource and Service Sharing Platform for Computer and Network Security Education
1. Automated Reasoning about Web Access Control Policies via Answer Set Programming Gail-Joon Ahn*, Joohyung Lee*, Hongxin Hu and Yunsong Meng Summary: We introduce a logic-based policy management approach for XACML (eXtensible Access Control Markup Language), which has become the defacto standard for specifying and enforcing access control policies for various applications and services in curr...
Specifying and Enforcing Application-Level Web Security Policies
Application-level Web security refers to vulnerabilities inherent in the code of a Web-application itself (irrespective of the technologies in which it is implemented or the security of the Web-server/back-end database on which it is built). In the last few months, application-level vulnerabilities have been exploited with serious consequences: Hackers have tricked e-commerce sites into shippin...