Client Side Web Session Integrity as a Non-interference Property | Zendy

Wilayat Khan | Zendy; Stefano Calzavara | Zendy; Michele Bugliesi | Zendy; Willem De Groef | Zendy; Frank Piessens | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Client Side Web Session Integrity as a Non-interference Property

Author(s) -

Wilayat Khan,

Stefano Calzavara,

Michele Bugliesi,

Willem De Groef,

Frank Piessens

Publication year - 2014

Publication title -

lecture notes in computer science

Language(s) - English

Resource type - Book series

SCImago Journal Rank - 0.249

H-Index - 400

eISSN - 1611-3349

pISSN - 0302-9743

DOI - 10.1007/978-3-319-13841-1_6

Subject(s) - computer science , session (web analytics) , client side , computer security , enforcement , property (philosophy) , computer network , world wide web , philosophy , epistemology , political science , law

Sessions on the web are fragile. They have been attacked successfully in many ways, by network-level attacks, by direct attacks on session cookies (the main mechanism for implementing the session concept) and by application-level attacks where the integrity of sessions is violated by means of cross-site request forgery or malicious script inclusion. This paper defines a variant of non-interference-the classical security notion from information flow security-that can be used to formally define the notion of client-side application-level web session integrity. The paper also develops and proves correct an enforcement mechanism. Combined with state-of-the-art countermeasures for network-level and cookie-level attacks, this enforcement mechanism gives very strong assurance about the client-side preservation of session integrity for authenticated sessions

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research