Re-designing the web's access control system

Authors:
Wenliang Du;Xi Tan;Tongbo Luo;Karthick Jayaraman;Zutao Zhu
Affiliations:
Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, New York;Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, New York;Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, New York;Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, New York;Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, New York
Venue:
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Year:
2011

Citing 10
Cited 1

Protecting browser state from web privacy attacks

Proceedings of the 15th international conference on World Wide Web
Using web application construction frameworks to protect against code injection attacks

Proceedings of the 2007 workshop on Programming languages and analysis for security
Dynamic pharming attacks and locked same-origin policies for web browsers

Proceedings of the 14th ACM conference on Computer and communications security
CLAMP: Practical Prevention of Large-Scale Data Leaks

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Improving application security with data flow assertions

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
ESCUDO: A Fine-Grained Protection Model for Web Browsers

ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Nemesis: preventing authentication & access control vulnerabilities in web applications

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Towards Fine-Grained Access Control in JavaScript Contexts

ICDCS '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems
Contego: capability-based access control for web browsers

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing

Position paper: why are there so many vulnerabilities in web applications?

Proceedings of the 2011 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks-theWeb has become criminals' preferred targets.Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web's current access control models are fundamentally inadequate to satisfy the protection needs of today's web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web's access control systems.