Client Side Web Session Integrity as a Non-interference Property

Khan, Wilayat; Calzavara, Stefano; Bugliesi, Michele; Groef, Willem De; Piessens, Frank

doi:10.1007/978-3-319-13841-1_6

Cited by 8 publications

(5 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We remark that both our theory and implementation just focus on the confidentiality of session cookies, which is a necessary precondition for thwarting the risks of session hijacking. However, several serious security threats against web sessions do not follow by confidentiality violations: for instance, classic CSRF vulnerabilities should rather be interpreted in terms of attacks on request integrity [23]. Several existing browser-based defenses mitigate the risk of other attacks against web sessions [32,31,30,27,10].…”

Section: Browser-side Protection Mechanismsmentioning

confidence: 99%

CookiExt: Patching the browser against session hijacking attacks

Bugliesi

Calzavara

Focardi

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding about the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS code injection. We then develop CookiExt, a browser extension that provides client-side protection against session hijacking, based on appropriate flagging of session cookies and automatic redirection over HTTPS for HTTP requests carrying these cookies. Our solution improves over existing client-side defenses by combining protection against both web and network attacks, while at the same time being designed so as to minimise its effects on the user’s browsing experience. Finally, we report on the experiments we carried out to practically evaluate the effectiveness of our approach

show abstract

Section: Browser-side Protection Mechanismsmentioning

confidence: 99%

CookiExt: Patching the browser against session hijacking attacks

Bugliesi

Calzavara

Focardi

et al. 2015

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Software systems, in particular those used in business or life critical systems, must be ensured to behave as desired using formal tools. Bugliesi et al used formal techniques to study web session integrity [25,26] and web session confidentiality [27,28]. In addition to the formal analysis, they also developed prototype browser extension as the proof of concept.…”

Section: Formal Software Verificationmentioning

confidence: 99%

“…Images. To state and prove interesting properties of binary and grayscale images, different operations over pixels and images are first defined in Listing 10. ese operations include equality of colors eqbcol (lines 1-6), negation of a color negcolor (lines 8-12), negation of a pixel color negpix (lines 14-17), negation of a binary image negimage (lines[19][20][21][22][23], equality of pixels eqpixel (lines[25][26][27][28][29], and negation of a specific pixel in an image negpiximg (lines 31-37), respectively. e first function eqbcol defines when two colors are equal.…”

mentioning

confidence: 99%

Proving Reliability of Image Processing Techniques in Digital Forensics Applications

Iqbal

Khan

Alothaim

et al. 2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Binary images have found its place in many applications, such as digital forensics involving legal documents, authentication of images, digital books, contracts, and text recognition. Modern digital forensics applications involve binary image processing as part of data hiding techniques for ownership protection, copyright control, and authentication of digital media. Whether in image forensics, health, or other fields, such transformations are often implemented in high-level languages without formal foundations. The lack of formal foundation questions the reliability of the image processing techniques and hence the forensic results loose their legal significance. Furthermore, counter-forensics can impede or mislead the forensic analysis of the digital images. To ensure that any image transformation meet high standards of safety and reliability, more rigorous methods should be applied to image processing applications. To verify the reliability of these transformations, we propose to use formal methods based on theorem proving that can fulfil high standards of safety. To formally investigate binary image processing, in this paper, a reversible formal model of the binary images is defined in the Proof Assistant Coq. Multiple image transformation methods are formalized and their reliability properties are proved. To analyse real-life RGB images, a prototype translator is developed that reads RGB images and translate them to Coq definitions. As the formal definitions and proof scripts can be validated automatically by the computer, this raises the reliability and legal significance of the image forensic applications.

show abstract

“…In the context of web sessions, [12] employed reactive non-interference [10] to formalize and prove strong confidentiality properties for session cookies protected with the HttpOnly and Secure attributes, a necessary condition for any reasonable notion of session integrity. A variant of reactive non-interference was also proposed in [29] to formalize an integrity property of web sessions which rules out CSRF attacks and malicious script inclusions. The paper also introduced a browser-side enforcement mechanism based on secure multi-execution [21].…”

Section: Related Workmentioning

confidence: 99%

“…Given the complexity of session management and the range of threats to be faced on the web, a formal understanding of web session security and the design of automated verification techniques is an important research direction. Web sessions and their desired security properties have been formally studied in several papers developing browser-side defenses for web sessions [13], [12], [29], [14]: while the focus on browserside protection mechanisms is appealing to protect users of vulnerable web applications, the deployment of these solutions is limited since it is hard to design browser-side defenses that do not cause compatibility issues on existing websites and are effective enough to be integrated in commercial browsers [16].…”

Section: Introductionmentioning

confidence: 99%

Language-Based Web Session Integrity

Calzavara¹,

Focardi²,

Grimm³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Session management is a fundamental component of web applications: despite the apparent simplicity, correctly implementing web sessions is extremely tricky, as witnessed by the large number of existing attacks. This motivated the design of formal methods to rigorously reason about web session security which, however, are not supported at present by suitable automated verification techniques. In this paper we introduce the first security type system that enforces session security on a core model of web applications, focusing in particular on serverside code. We showcase the expressiveness of our type system by analyzing the session management logic of HotCRP, Moodle, and phpMyAdmin, unveiling novel security flaws that have been acknowledged by software developers.1. manage[sid](paper , action, token) ֒→ 2. start @sid; 3. if $user = ⊥ then 4.reply ({auth → form(login, ⊥, ⊥ )}, skip, {}) 5. else if paper = ⊥ then 6.$utoken = fresh(); 7.reply ({add → form(manage, ⊥, submit, x ), 8.del → form(manage , ⊥, withdraw, x )}, skip, {}) 9.with x = $utoken 10. else if tokenchk(token, $utoken) then 11.auth paper , action at ℓ C ; reply ({}, skip, {})

show abstract

Client Side Web Session Integrity as a Non-interference Property

Cited by 8 publications

References 24 publications

CookiExt: Patching the browser against session hijacking attacks

CookiExt: Patching the browser against session hijacking attacks

Proving Reliability of Image Processing Techniques in Digital Forensics Applications

Language-Based Web Session Integrity

Contact Info

Product

Resources

About