Architectures for Inlining Security Monitors in Web Applications

Magazinius, Jonas; Hedin, Daniel; Sabelfeld, Andrei

doi:10.1007/978-3-319-04897-0_10

Cited by 11 publications

(14 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a suffix proxy for domain suffix.org could offer the services of google.com transparently over domain google.com.suffix.org. A suffix proxy can observe and modify complete web requests and responses for monitoring purposes, and a use case is JavaScript code instrumentation for adding security controls [115]. Furthermore, a suffix proxy can access encrypted HTTPS communication when SSL/TLS client authentication is not performed.…”

Section: Middleware Layermentioning

confidence: 99%

“…Today's SaaS delivery models often rely on web technology, and web mashups are a popular approach to achieve composition and JavaScript code reuse [57,174]. An example for an integration-driven monitoring in mashups is to instrument untrusted third-party JavaScript code [115].…”

Section: Middleware Layermentioning

confidence: 99%

“…Suffix proxy. For web-based applications, a suffix proxy [115] is similar to a forward proxy: it acts as a middle man between client and service by forwarding client requests and gathering service responses. Contrary to traditional web proxies, a suffix proxy exploits the hierarchical naming scheme in the Domain Name System (DNS) to transparently and dynamically re-host existing services under a different DNS host name.…”

Section: Middleware Layermentioning

confidence: 99%

“…A web proxy is a networked software component that acts as a middle man. It forwards web requests and responses between a client and a service and eventually takes corrective actions by filtering or modifying content [98,115]. Proxy architectures are popular for the Hypertext Transfer Protocol (HTTP) used in today's web applications and services.…”

Section: Middleware Layermentioning

confidence: 99%

See 3 more Smart Citations

Monitoring of Client-Cloud Interaction

Lampesberger

Rady

2015

Correct Software in Web Applications and Web Services

View full text Add to dashboard Cite

When a client consumes a cloud service, computational liabilities are transferred to the service provider in accordance to the cloud paradigm, and the client loses some control over software components. One way to raise assurance about correctness and dependability of a consumed service and its software components is monitoring. In particular, a monitor is a system that observes the behavior of another system, and observation points that expose the target system's state and state changes are required. Due to the cloud paradigm, popular techniques for monitoring such as code instrumentation are often not available to the client because of limited visibility, lack of control, and black-box software components. Based on a literature review, we identify potential observation points in today's cloud services. Furthermore, we investigate two cloud-specific monitoring applications based on our ongoing research. While service level agreement (SLA) monitoring ensures that agreed-upon conditions between clients and providers are met, language-based anomaly detection monitors the interaction between client and cloud for misuse attempts.

show abstract

Section: Middleware Layermentioning

confidence: 99%

Section: Middleware Layermentioning

confidence: 99%

Section: Middleware Layermentioning

confidence: 99%

Section: Middleware Layermentioning

confidence: 99%

See 2 more Smart Citations

Monitoring of Client-Cloud Interaction

Lampesberger

Rady

2015

Correct Software in Web Applications and Web Services

View full text Add to dashboard Cite

show abstract

“…Our research is focused on providing a client-centric identity meta-system which allows a client to maintain a private identity directory while offering individual users automatic authentication to cloud-based services via a single sign-on, privacyenhanced service. In the paper [115], we have introduced the concept of an identity management machine (IdMM), an ASM-based, client-centric, single sign-on tool for small and medium enterprises that want to adopt or migrate to cloud-based services. This concept has been further refined in the paper [116] where we described the architecture of the IdMM.…”

Section: Client-centric Identity and Access Management In Cloud Compumentioning

confidence: 99%

Correct Software in Web Applications and Web Services

Thalheim¹,

Schewe²,

Prinz³

et al. 2015

Texts &Amp; Monographs in Symbolic Computation

View full text Add to dashboard Cite

On the Integrity of Cross-Origin JavaScripts

Ruohonen

Salovaara

Leppänen

2018

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

The same-origin policy is a fundamental part of the Web. Despite the restrictions imposed by the policy, embedding of third-party JavaScript code is allowed and commonly used. Nothing is guaranteed about the integrity of such code. To tackle this deficiency, solutions such as the subresource integrity standard have been recently introduced. Given this background, this paper presents the first empirical study on the temporal integrity of cross-origin JavaScript code. According to the empirical results based on a ten day polling period of over 35 thousand scripts collected from popular websites, (i) temporal integrity changes are relatively common; (ii) the adoption of the subresource integrity standard is still in its infancy; and (iii) it is possible to statistically predict whether a temporal integrity change is likely to occur. With these results and the accompanying discussion, the paper contributes to the ongoing attempts to better understand security and privacy in the current Web.

show abstract

Architectures for Inlining Security Monitors in Web Applications

Cited by 11 publications

References 34 publications

Monitoring of Client-Cloud Interaction

Monitoring of Client-Cloud Interaction

Correct Software in Web Applications and Web Services

On the Integrity of Cross-Origin JavaScripts

Contact Info

Product

Resources

About