Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Proceedings of the 7th International Workshop on Security Protocols
On Five Definitions of Data Integrity
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Computer Security 2e
Security in Computing (4th Edition)
Security in Computing (4th Edition)
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Sessionlock: securing web sessions against eavesdropping
Proceedings of the 17th international conference on World Wide Web
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Reliable protection against session fixation attacks
Proceedings of the 2011 ACM Symposium on Applied Computing
App isolation: get the security of multiple browsers with just one
Proceedings of the 18th ACM conference on Computer and communications security
Practical end-to-end web content integrity
Proceedings of the 21st international conference on World Wide Web
New directions in cryptography
IEEE Transactions on Information Theory
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
BetterAuth: web authentication revisited
Proceedings of the 28th Annual Computer Security Applications Conference
Hi-index | 0.00 |
The HTTP and HTTPS protocols are the corner stones of the modern web. From a security point of view, they offer an all-or- nothing choice to web applications: either no security guarantees with HTTP or both confidentiality and integrity with HTTPS. How- ever, in many scenarios confidentiality is not necessary and even undesired, while integrity is essential to prevent attackers from compromising the data stream. We propose GlassTube, a lightweight approach to web application integrity. GlassTube guarantees integrity at application level, without resorting to the heavyweight HTTPS protocol. GlassTube prevents man-in-the-middle attacks and provides a general method for integrity in web applications and smartphone apps. GlassTube is easily deployed in the form of a library on the server side, and offers flexible deployment options on the client side: from dynamic code distribution, which requires no modification of the browser, to browser plugin and smartphone app, which allow smooth key predistribution. The results of a case study with a web-based chat indicate a boost in the performance compared to HTTPS, achieved with no optimization efforts.