A survey of client-side Web threats and counter-threat measures

Authors:
Daniel Hein;Serhiy Morozov;Hossein Saiedian
Affiliations:
Garmin International, Olathe, KS66062, U.S.A.;EECS, University of Kansas, Lawrence, KS66045, U.S.A.;EECS, University of Kansas, Lawrence, KS66045, U.S.A. and ITTC, University of Kansas, Lawrence, KS66045, U.S.A.
Venue:
Security and Communication Networks
Year:
2012

Citing 18
Cited 0

A Survey of Web Security

Computer
Point/Counterpoint

IEEE Software
Building a Secure Web Browser

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Exploiting Software: How to Break Code

Exploiting Software: How to Break Code
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
Hardening Web browsers against man-in-the-middle and eavesdropping attacks

WWW '05 Proceedings of the 14th international conference on World Wide Web
Trusted paths for browsers

ACM Transactions on Information and System Security (TISSEC)
Challenges in Securing the Domain Name System

IEEE Security and Privacy
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A Safety-Oriented Platform for Web Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
JavaScript instrumentation for browser security

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Defeating script injection attacks with browser-enforced embedded policies

Proceedings of the 16th international conference on World Wide Web
The Contemporary Software Security Landscape

IEEE Security and Privacy
The ghost in the browser analysis of web-based malware

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Internet Researchers Look to Wipe the Slate Clean

Computer
Information Assurance Technology Forecast 2008

IEEE Security and Privacy
Secure Web Browsing with the OP Web Browser

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Protecting the Intranet Against "JavaScript Malware" and Related Attacks

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increasing frequency and malevolence of online security threats require that we consider new approaches to this problem. The existing literature focuses on the Web security problem from the server-side perspective. In contrast, we explore it from the client-side, considering the major types of threats. After a short threat summary, we discuss related research and existing countermeasures. We then examine intuitive human-oriented trust models and posit a flexible, multilayer framework to facilitate automated client-side decision making. The proposed suggestions are not intrusive and do not require advanced technical knowledge from end users. Copyright © 2011 John Wiley & Sons, Ltd. (Improving Web security for end users is technically possible by deploying known countermeasures to prevent execution of untrusted mobile code. Additionally, trust algebra provides a basis for defining a Web site avoidance policy based on a crowd-sourced Web site ratings. The primary hurdle to improving Web security rests with standardized, real-world implementations of these concepts both in the Internet and in browser software.)