GlassTube: a lightweight approach to web application integrity

Authors:
Per A. Hallgren;Daniel T. Mauritzson;Andrei Sabelfeld
Affiliations:
Keyflow AB & Chalmers University of Technology, Gothenburg, Sweden;Ericsson AB & Chalmers University of Technology, Gothenburg, Sweden;Chalmers University of Technology, Gothenburg, Sweden
Venue:
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Year:
2013

Citing 15
Cited 0

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Performance of Protocols

Proceedings of the 7th International Workshop on Security Protocols
On Five Definitions of Data Integrity

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Computer Security 2e

Computer Security 2e
Security in Computing (4th Edition)

Security in Computing (4th Edition)
SIF: enforcing confidentiality and integrity in web applications

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Sessionlock: securing web sessions against eavesdropping

Proceedings of the 17th international conference on World Wide Web
Building secure web applications with automatic partitioning

Communications of the ACM - Inspiring Women in Computing
Unifying facets of information integrity

ICISS'10 Proceedings of the 6th international conference on Information systems security
Reliable protection against session fixation attacks

Proceedings of the 2011 ACM Symposium on Applied Computing
App isolation: get the security of multiple browsers with just one

Proceedings of the 18th ACM conference on Computer and communications security
Practical end-to-end web content integrity

Proceedings of the 21st international conference on World Wide Web
New directions in cryptography

IEEE Transactions on Information Theory
Language-based information-flow security

IEEE Journal on Selected Areas in Communications
BetterAuth: web authentication revisited

Proceedings of the 28th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

The HTTP and HTTPS protocols are the corner stones of the modern web. From a security point of view, they offer an all-or- nothing choice to web applications: either no security guarantees with HTTP or both confidentiality and integrity with HTTPS. How- ever, in many scenarios confidentiality is not necessary and even undesired, while integrity is essential to prevent attackers from compromising the data stream. We propose GlassTube, a lightweight approach to web application integrity. GlassTube guarantees integrity at application level, without resorting to the heavyweight HTTPS protocol. GlassTube prevents man-in-the-middle attacks and provides a general method for integrity in web applications and smartphone apps. GlassTube is easily deployed in the form of a library on the server side, and offers flexible deployment options on the client side: from dynamic code distribution, which requires no modification of the browser, to browser plugin and smartphone app, which allow smooth key predistribution. The results of a case study with a web-based chat indicate a boost in the performance compared to HTTPS, achieved with no optimization efforts.