Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
Using encryption for authentication in large networks of computers
Communications of the ACM
Communications of the ACM
Protection of Computer Software: Its Technology and Application
Protection of Computer Software: Its Technology and Application
Code and Other Laws of Cyberspace
Code and Other Laws of Cyberspace
.NET framework security
Overview of the AT&T Labs Trust-Management Project (Position Paper)
Proceedings of the 6th International Workshop on Security Protocols
Security of Internet Location Management
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The multics system: an examination of its structure
The multics system: an examination of its structure
Protecting browsers from dns rebinding attacks
Proceedings of the 14th ACM conference on Computer and communications security
Electronic Notes in Theoretical Computer Science (ENTCS)
SessionSafe: implementing XSS immune session handling
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Authentication by correspondence
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
The security requirements on an IT system ultimately depend on the applications that make use of it. To put today's challenges into perspective we map the evolution of distributed systems security over the past 40 years. We then focus on web applications as an important current paradigm for deploying distributed applications. We discuss the security policies relevant for the current generation of web applications and the mechanisms available for enforcing these policies, which are increasingly to be found in components in the application layer of the software stack. Descriptions of SQL injection, cross-site scripting, cross-site request forgery, JavaScript hijacking, and DNS rebinding attacks will illustrate the deficiencies of current technologies and point to some fundamental issues of code origin authentication that must be considered when securing web applications.