A Web Without the Same-Origin Policy
Authors
Abstract
Despite encryption, you can extract a fair amount of information from VoIP traffic based on variable bit rates. Previous research shows that the language and specific phrases can be identified in this manner. DiOrio’s research looks at detecting different accents based on the encoding bit rate. Preliminary results show that the average accuracy of differentiating accent pairs is 73%, with the best being Italian/Japanese at 91% accuracy.
Similar resources
Reactive non-interference for the browser: extended version
Given a partially ordered set (poset) of security levels, and a labelling of inputs and outputs with such levels, non-interference (or secure information flow) is a security property expressing that outputs of level l only depend on inputs that are labelled with a level smaller than l. In other words, there is no information flow from high (confidential) levels, to low (public) levels. For web ...
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks
Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources: file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application fram...
Toward Principled Browser Security
To ensure the confidentiality and integrity of web content, modern web browsers enforce isolation between content and scripts from different domains with the same-origin policy (SOP). However, many web applications require cross-origin sharing of code and data. This conflict between isolation and sharing has led to an ad hoc implementation of the SOP that has proven vulnerable to such attacks a...
Eradicating DNS Rebinding with the Extended Same-origin Policy
The Web’s principal security policy is the Same-Origin Policy (SOP), which enforces origin-based isolation of mutually distrusting Web applications. Since the early days, the SOP was repeatedly undermined with variants of the DNS Rebinding attack, allowing untrusted script code to gain illegitimate access to protected network resources. To counter these attacks, the browser vendors introduced c...
PAKE-Based Web Authentication: the Good, the Bad, and the Hurdles
Password Authenticated Key Exchange (PAKE) is a class of cryptographic protocols that allow two parties sharing a password to authenticate each other without explicitly revealing the password in the process. PAKE protocols offer a potential improvement over current web authentication practices, e.g., HTML form-based password authentication, but there has been little progress towards integrating...