Filters








252 Hits in 4.3 sec

The W3C web cryptography API

Harry Halpin
2014 Proceedings of the 23rd International Conference on World Wide Web - WWW '14 Companion  
We describe the motivations behind the creation of the W3C Web Cryptography API and give a high-level overview with motivating usecases while addressing objections.  ...  The W3C Web Cryptography API is the standard API for accessing cryptographic primitives in Javascript-based environments.  ...  OVERVIEW OF WEB CRYPTOGRAPHY API The W3C Web Cryptography Working Group has prepared a group of specifications rather around the core Web Cryptography API: one use-case document [4] , one normative specification  ... 
doi:10.1145/2567948.2579224 dblp:conf/www/Halpin14 fatcat:u2dakieb35a6nontjr5i62awsq

D7/8 - Final Report on Standardization Analysis and Recommendations

Reinhard Herzog, Michael Jacoby, Hylke van der Schaaf, Giuseppe Bianchi, Giovanni Bartolomeo, Claudio Pisa, Kym Watson, Gino Carrozzo, Matteo Pardi, Gianluca Insolvibile, Ricardo Vitorino, João Garcia (+2 others)
2018 Zenodo  
This deliverable gives a summary of the current activities within the SDOs, where symbIoTe had established links. It also gives recommendations on how to contribute or to make use of their results.  ...  Recent developments within the W3C web of things working group created the idea of using the W3C Things Directory as an approach to handle semantic annotations with the SensorThingsAPI.  ...  That was the motivation for the first part of Task T7. 4 and it was reported in the Deliverable D7.3.  ... 
doi:10.5281/zenodo.2566414 fatcat:2ogydwwurvgl5f7lp5nasykj24

Webinos Project Deliverable: Phase 2 Security Framework

Webinos Consortium
2012 Zenodo  
It is a companion document to the webinos system and API specifications and explains why certain security and privacy controls exist and what risks remain.  ...  The webinos project defines and delivers an open source web application runtime compatible with a wide range of smart devices, including smartphones, tablets, PCs, in-car systems and set-top boxes.  ...  Overview of API 11.2.2. Threats 11.2.2.1 API-Specific threats and misuse cases 1.  ... 
doi:10.5281/zenodo.1147031 fatcat:x53nqshe7jfqrnbq6urpvsj2ra

D7.3 - Initial Report On Standardization Analysis And Recommendations

Reinhard Herzog, Hylke van der Schaaf, Michael Jacoby, Giuseppe Bianchi, Giovanni Bartolomeo, Claudio Pisa, Kym Watson, Gino Carrozzo, Matteo Pardi, Gianluca Insolvibile, Ricardo Vitorino, Joao Garcia
2017 Zenodo  
This deliverable provides a good overview on the current IoT standardization landscape and symbIoTe's positioning.  ...  W3C Web of Things Interest Group In the charter of the Web of Things Interest Group (WoT IG), the mission is stated as 3 : "…to counter the fragmentation of the Internet of Things by introducing a  ...  OGC Sensor Things API The SensorThings API [7] is a standard defined by the Open Geospatial Consortium (OGC), specifically by the Sensor Web Enablement for IoT (SWE-IoT) working group.  ... 
doi:10.5281/zenodo.817494 fatcat:modvyfcpw5fgdn3q2ybn6p2vru

An Approach to Understand Semantic Web

Deepti Juneja, M. K.
2017 International Journal of Computer Applications  
The current internet relies around markup language pages delivered to a Browser and afterward displayed for human consumption instead of for important manipulation by pc applications.  ...  This paper gives a brief about the overview of semantic web, the modeling information, its architecture and framework.  ...  It demonstrates how advances that are institutionalized by W3C for Semantic Web are sorted out to make the Semantic Web conceivable.  ... 
doi:10.5120/ijca2017914427 fatcat:fpvijobtfnestkdbb6csk6yxau

In Certificates We Trust -- Revisited

Florian Reimair, Peter Teufl, Bernd Prunster
2015 2015 IEEE Trustcom/BigDataSE/ISPA  
We propose to redistribute the tasks and require for a data sender to create an encryption key for himself and grant the recipient access to the key through authentication.  ...  We show the results of our prototypical implementation and present a discussion on the security of the system.  ...  A receiver for example acts as a protocol bridge to the interoperability layer with pre-build implementations for Java's Cryptographic Extension (JCE), the Windows CNG, or the W3C Web Cryptography API  ... 
doi:10.1109/trustcom.2015.437 dblp:conf/trustcom/ReimairTP15 fatcat:pipilw6zrbepvi2rhsmbildx7u

Information flows to support software developers in using security APIs

Peter Leo Gorski, Technische Universität Berlin, Sebastian Möller
2021
However, little is known about the requirements of developers to address the problem and improve the usability of security APIs.  ...  Probably the most basic, powerful, and frequently used tools software developers work with are Application Programming Interfaces (APIs).  ...  [180] in 2010 and became a W3C security standard [222] since 2012, which is supported by all modern web browsers [54] .  ... 
doi:10.14279/depositonce-11683 fatcat:3j67z2tc4ve5nivmi2wfgfv2ta

CT-wasm: type-driven secure cryptography for the web ecosystem

Conrad Watt, John Renner, Natalie Popescu, Sunjay Cauligi, Deian Stefan
2019 Proceedings of the ACM on Programming Languages (PACMPL)  
With the new introduction of the WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases  ...  A significant amount of both client and server-side cryptography is implemented in JavaScript.  ...  ACKNOWLEDGMENTS We thank the anonymous POPL and POPL AEC reviewers for their suggestions and insightful comments. We thank Andreas Rossberg and Peter Sewell for their support during this work.  ... 
doi:10.1145/3290390 fatcat:s4k7fhddrvdzhgfqkunhojgirm

Exploring Widevine for Fun and Profit [article]

Gwendal Patat
2022 arXiv   pre-print
In addition, we leverage our knowledge to bypass the obfuscation of Android Widevine software-only version, namely L3, and recover its Root-of-Trust.  ...  With the growing consumption of content using Over-the-Top platforms, such as Netflix or Prime Video, DRMs have been deployed on numerous devices considered as potential hostile environments.  ...  Widevine Over EME Similar to the unified DRM API of Android, the World Wide Web Consortium (W3C) defines the Encrypted Media Extensions (EME) standard to provide a standardized API enabling web applications  ... 
arXiv:2204.09298v1 fatcat:tn47uatapvcajgsfftszw2hb4y

User Privacy and the Evolution of Third-Party Tracking Mechanisms on the World Wide Web

Sonal Mittal
2010 Social Science Research Network  
Beyond the development of FoxTracks, the analysis presented in this thesis discusses the history, key players, and motivations of third-party tracking, and how each influenced the design choices made in  ...  FoxTracks is a Firefox add-on program that browses the web along with the user and collects information about three types of trackers that may be monitoring the user: HTTP cookies, Local Shared Flash Objects  ...  My deepest thanks also goes to the team at CDT Labs who have advised me on technical matters and provided online support for the project.  ... 
doi:10.2139/ssrn.2005252 fatcat:zwvngafiavcgvk7wu26pbiebhu

Replaceable Components and the Service Provider Interface [chapter]

Robert C. Seacord
2001 Lecture Notes in Computer Science  
the World Wide Web Consortium (W3C) that can be used to describe a broad range of hierarchical markup languages.  ...  short overview of existing component models.  ...  This technical note considers the motivation for using replaceable components and defines the requirements of replaceable component models.  ... 
doi:10.1007/3-540-45588-4_21 fatcat:nq2kewmxmrgvzifn5peq275gb4

Authenticating distributed data using Web services and XML signatures

Daniel J. Polivy, Roberto Tamassia
2002 Proceedings of the 2002 ACM workshop on XML security - XMLSEC '02  
We present an architecture for authenticating responses to queries from untrusted mirrors of authenticated dictionaries using Web Services and XML Signatures.  ...  As the need for digital data becomes more ubiquitous, so does the need to provide efficient mechanisms for distributing and verifying the authenticity of that data.  ...  ACKNOWLEDGMENTS The authors would like to acknowledge the assistance and support of all the STMS team members and especially Michael Goodrich, Robert Cohen, David Emory and Michael Shin.  ... 
doi:10.1145/764792.764805 dblp:conf/xmlsec/PolivyT02 fatcat:3nvkhy4lofckjdnrjgizclmxly

Authenticating distributed data using Web services and XML signatures

Daniel J. Polivy, Roberto Tamassia
2002 Proceedings of the 2002 ACM workshop on XML security -  
We present an architecture for authenticating responses to queries from untrusted mirrors of authenticated dictionaries using Web Services and XML Signatures.  ...  As the need for digital data becomes more ubiquitous, so does the need to provide efficient mechanisms for distributing and verifying the authenticity of that data.  ...  ACKNOWLEDGMENTS The authors would like to acknowledge the assistance and support of all the STMS team members and especially Michael Goodrich, Robert Cohen, David Emory and Michael Shin.  ... 
doi:10.1145/764804.764805 fatcat:qliwhg2ga5g45fgbeixp3sqc6y

On the (in)security of service APIs [article]

Martin Hristov Georgiev
2015
By contrast, HTML5 apps execute inside a Web The W3C APIs follow W3C specifications and provide access to a very limited set of device resources such as geolocation.  ...  Ubuntu Overview. Ubuntu provides isolation between the app's local and remote Web code and also enforces the same origin policy on the remote Web code from different origins.  ...  As a result, many service APIs often end up being misconfigured and leaking users' data to botnet, Web and network attackers.  ... 
doi:10.15781/t2d34b fatcat:bznhtaddivfyhchykatka4rx4m

SECRET

Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
Usually, documents and operations are exposed to the server in plaintext -and thus to administrators, governments, and potentially cyber criminals.  ...  We present SECRET, the first secure, efficient, and collaborative real-time editor.  ...  This research results from work in the research projects SyncEnc and VERTRAG, which are funded by the German Federal Ministry of Education and Research (BMBF, FKZ: 16KIS0412K and 13N13097), as well as  ... 
doi:10.1145/3052973.3052982 dblp:conf/ccs/FelschMMS17 fatcat:pxyyl6bf3rbjrlcl2fh53f52bq
« Previous Showing results 1 — 15 out of 252 results