
Types and Access Controls for Cross-Domain Security in Flash [chapter]

Aseem Rastogi, Avik Chaudhuri, Rob Johnson
2012 Lecture Notes in Computer Science  
Flash provides APIs and run-time checks to help programmers declare and enforce trust relationships between different domains, but there is currently no formal security model for Flash.  ...  This paper presents the first formal security model for the Flash platform.  ...  The specification includes carefully modeled semantics for the dynamic access control checks and the APIs for dynamically loading other Flash applications.  ... 
doi:10.1007/978-3-642-35182-2_7 fatcat:5yk3mbcqcrdalent73zbrnqadu

An empirical study on the security of cross-domain policies in rich internet applications

Georgios Kontaxis, Demetris Antoniades, Iasonas Polakis, Evangelos P. Markatos
2011 Proceedings of the Fourth European Workshop on System Security - EUROSEC '11  
In this paper we present an extensive study on the deployment and security issues of cross-domain policies in the web.  ...  The need for RIAs to retrieve content hosted on different domains, in order to enrich user experience, led to the use of cross-domain policies by content providers.  ...  This work is supported in part by Herakeitos II PhD Scholarship in the area of "Internet traffic classification". We would like to thank the anonymous reviewers for their valuable comments.  ... 
doi:10.1145/1972551.1972558 dblp:conf/eurosec/KontaxisAPM11 fatcat:zcwjvmrndzc2rfpxkagyj3o4ru

Response Header Hardening - Preventing Information Interception and XSS

Andrea Hauser
2018 Zenodo  
We already stressed the importance of this topic two [1] and three [2] years ago. I would now like to focus on some lesser known and newer headers.  ...  labs.20180308 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.  ...  Preface This paper was written in 2018 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?  ... 
doi:10.5281/zenodo.3521876 fatcat:zsum736nxbci3fxwodnkob32ii

Flash vulnerabilities analysis of US educational websites

Joanne Kuzma, Colin Price, Richard Henson
2010 International Journal of Electronic Security and Digital Forensics  
The research also shows the main types of security problems that are shown in the schools sites.  ...  However, sites that use Flash and other types of media encounter problems with security. Issues are raised with how to protect personal data that are entered via these sites.  ...  XSS and cross-domain privilege escalation • validate Flash application adherence to Adobe Best Practice (HP, 2009; HP Application Security Center Community, 2009).  ... 
doi:10.1504/ijesdf.2010.033779 fatcat:lgtiibpbvza5ppxkub2u3j2t5a

Protection and communication abstractions for web browsers in MashupOS

Helen J. Wang, Xiaofeng Fan, Jon Howell, Collin Jackson
2007 ACM SIGOPS Operating Systems Review  
In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform.  ...  Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.  ...  anonymous reviewers for their valuable discussions and feedback to our work and this paper.  ... 
doi:10.1145/1323293.1294263 fatcat:x4g2gobhfze6xgc5akmc6r4wqy

Protection and communication abstractions for web browsers in MashupOS

Helen J. Wang, Xiaofeng Fan, Jon Howell, Collin Jackson
2007 Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles - SOSP '07  
In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform.  ...  Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.  ...  anonymous reviewers for their valuable discussions and feedback to our work and this paper.  ... 
doi:10.1145/1294261.1294263 dblp:conf/sosp/WangFHJ07 fatcat:lzbh4m7ep5ekrpitfmkwy2nj3y

Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning

Mika Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good, Chris Jay Hoofnagle
2011 Social Science Research Network  
According to Adobe, "A [cross-domain] policy file is a simple XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog.  ...  identifiers across domains. Important Flash security research related to our investigation concerns Flash's "cross domain" policies.  ... 
doi:10.2139/ssrn.1898390 fatcat:6y4zyj6vqjd7bonqwyvvk5tz6i

Secure Web Browsing with the OP Web Browser

Chris Grier, Shuo Tang, Samuel T. King
2008 IEEE Symposium on Security and Privacy : Proceedings  
To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security.  ...  Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks.  ...  We would also like to thank Joe Tucek and Anthony Cozzie for discussions about the design of our browser, and Frank Stratton and Paul Debrowski for feedback on an early draft of our paper.  ... 
doi:10.1109/sp.2008.19 dblp:conf/sp/GrierTK08 fatcat:iesku3fuqbblxjtchsrlszfp2i

FIRM

Zhou Li, XiaoFeng Wang
2010 Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10  
We demonstrate in this paper, however, that it is completely feasible to avoid these hurdles while still achieving fine-grained control of the interactions between Flash content and its hosting page.  ...  The wide use of Flash technologies makes the security risks posed by Flash content an increasingly serious issue.  ...  ACKNOWLEDGMENTS We thank anonymous reviewers for their insightful comments. This work was supported in part by the NSF under Grant No.CNS-0716292 and CNS-1017782.  ... 
doi:10.1145/1920261.1920289 dblp:conf/acsac/LiW10 fatcat:k4menuy5qvb7rdwyw2nfavpcvy

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content

Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar, Kevin W. Hamlen, V.N. Venkatakrishnan
2015 IEEE Transactions on Dependable and Secure Computing  
Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript.  ...  Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad web development projects.  ...  ACKNOWLEDGMENTS This research was supported in part by NSF grants 1065134, 1065216, and 1054629, 1069311, 1065537 and by an international postdoc grant from the Swedish Research Council (VR).  ... 
doi:10.1109/tdsc.2014.2355847 fatcat:pa2o7marrza3hjgdk3bptqiq6e

Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach

Mark Yampolskiy, Peter Horvath, Xenofon D. Koutsoukos, Yuan Xue, Janos Sztipanovits
2012 2012 5th International Symposium on Resilient Control Systems  
The selected UAV is fully functioning and contains multiple structural elements representative for more complex systems. At the same time, its simplicity enables an in-depth manual analysis.  ...  This creates multiple vectors for CPS-internal (i.e., within CPS) as well as for CPS-external (i.e., between CPS itself and its environment) Cyber-Physical Attacks.  ...  ACKNOWLEDGEMENT This work is supported in part by the National Science Foundation (CNS-1035655, CCF-0820088), U.S. Army Research Office (AROW911NF-10-1-0005) and Lockheed Martin.  ... 
doi:10.1109/isrcs.2012.6309293 fatcat:5mmnygof2jeo3l5z3rqherto5q

Know Your EK: A Content and Workflow Analysis Approach for Exploit Kits

Emre Suren, Pelin Angin
2019 Journal of Internet Services and Information Security  
An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetary-centric.  ...  Infection phases are described step-by-step to demystify the internals of the most common EK types and the utilized mission-critical techniques in the malware delivery process are explained in Section  ...  An Internet criminal controls the EK servers from the dashboards and queries several types of information including the number of targeted devices, the machines currently under control, breakdown for operating  ... 
doi:10.22667/jisis.2019.02.28.024 dblp:journals/jisis/SurenA19 fatcat:tujgyjogvrbohe5v2fhxnwr3im

Defeat Information Leakage from Browser Extensions via Data Obfuscation [chapter]

Wentao Chang, Songqing Chen
2013 Lecture Notes in Computer Science  
In this way, the users' sensitive information is always protected even information leakage occurs. The obfuscated information is properly restored for legitimate browser transactions.  ...  With the security considerations from the very beginning, Chrome offers more protection against exploits via benign-but-buggy extensions.  ...  A refined extension security framework has also been proposed with micro-privilege management and fine-grained access control to DOM elements.  ... 
doi:10.1007/978-3-319-02726-5_3 fatcat:njfzvqicxner7azu2y5z5dvqdi

Security of Web Mashups: A Survey [chapter]

Philippe De Ryck, Maarten Decat, Lieven Desmet, Frank Piessens, Wouter Joosen
2012 Lecture Notes in Computer Science  
This paper proposes concrete requirements for building secure mashups, divided into four categories: separation, interaction, communication and advanced behavior control.  ...  We conclude the paper by highlighting the most applicable techniques for building secure mashups, because of functionality and standardization.  ...  Leuven and the EU-funded FP7-projects WebSand and NESSoS.  ... 
doi:10.1007/978-3-642-27937-9_16 fatcat:uj2eyftncvcwlokbpfq6uxtluu

Policy Approval Engine - A Framework for Securing Web Applications and Web User

A. Saravanan, M. S. Irfan Ahmed, S. Sathya Bama
2016 Indian Journal of Science and Technology  
Findings: The policy enforcement framework for addressing security threats and to protect against cross-site request forgery, cross-site scripting, and content stealing has been proposed.  ...  Thus the web browser needs some simple security policy and enforcement which can alleviate basic attacks in order to guard the applications and users that reside on the web.  ...  The Access Control List and White List are created and maintained by the system administrators as well request -requests originating from the same origin and only GET requests from cross-domain; block  ... 
doi:10.17485/ijst/2016/v9i4/84341 fatcat:yuqjvja6t5ccrpzbmqprfqnmgq