Data-Confined HTML5 Applications

Akhawe, Devdatta; Li, Frank; He, Wei; Saxena, Prateek; Song, Dawn

doi:10.1007/978-3-642-40203-6_41

Cited by 22 publications

(11 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mozilla Persona, formerly known as BrowserID, is another single sign-on system that uses email addresses as unique identifiers instead of URIs as done in WebID or OpenID [5]. To prove ownership of an email address, an identity provider issues an X.509 certificate to a trusted user.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account

Wild

Ast

Gaedke

2013

Proceedings of International Conference on Information Integration and Web-Based Applications &Amp; Services

View full text Add to dashboard Cite

WebID is a new development of the W3C. As a universal identification mechanism, WebID enables users to authenticate through client certificates instead of username/password pairs. For creating such WebID certificates, there are different ways available. Each is characterized by several aspects that become important depending on a user's individual conditions and trust needs. Users must carefully consider these aspects on their own to find the most appropriate way for them. There is a risk that inexperienced users make wrong considerations, which affect their security and privacy. In this work, we propose an approach towards a context-aware WebID certificate creation taking individual conditions and trust needs into account. As a proof of concept, we apply the SWAC framework that facilitates JavaScript-based generation of WebID certificates on both client and server. We evaluate our approach and available methods including HTML5 keygen and native implementations using different devices and Web browsers.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Section 4). The hybrid generation mode relies on native support by the Web browsers, which is not provided or planned to provide by all Web browser vendors 5 .…”

Section: Characteristics Of Generation Modesmentioning

confidence: 99%

Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account

Wild

Ast

Gaedke

2013

Proceedings of International Conference on Information Integration and Web-Based Applications &Amp; Services

View full text Add to dashboard Cite

show abstract

“…Platform production systems are cloud PaaS (Platform as a Service) similar to the type you need to install a separate SDK without using a Web browser, anytime, anywhere, and you can use the authoring interface platform. Interface creation tools are based on the development of HTML5 [11,12]. Figure 5 shows the interface structure of the platform for production systems.…”

Section: Platform Based On Cloud Of Customized Interfacementioning

confidence: 99%

Cloud System for User-Customized Mobile Interface Sharing in Wireless Environment

Park

Ryu

Kim

et al. 2016

Wireless Pers Commun

View full text Add to dashboard Cite

In this paper, we use a network-based cloud environment, the software keyboard is built into the smart mobile devices will be customized to provide the user interface. Customized user interface using a network-based interface for the cloud as the optimized interface with a variety of individual application environments, user will have a desired interface for their usage. If the user requests the Node.js and JQuery-based interface to provide an interface, it will provide an interface quicker. The server processes the data quickly and builds server data. There has an algorithm which was developed to return the existing MongoDB. We will use M/M/1, M/M/C Queueing Model for using performance analysis and testing existing MongoDB Server which applied the algorithm to provide and manage user interface effectively. In addition, We propose SLAN to share data between among users, and test this method.

show abstract

“…A second channel is to leak decrypted content via the clientside code. Defenses to prevent client-side data exfiltration have recently been proposed using features in HTML5 such as temporary origins [12]. We assume that with the help of the trusted authentication and key server, we can privilege separate the decryption and data export channels in a secure origin on the client-side.…”

Section: Threat Modelmentioning

confidence: 99%

Autocrypt

Tople

Shinde

Chen

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

View full text Add to dashboard Cite

Web servers are vulnerable to a large class of attacks which can allow network attacker to steal sensitive web content. In this work, we investigate the feasibility of a web server architecture, wherein the vulnerable server VM runs on a trusted cloud. All sensitive web content is made available to the vulnerable server VM in encrypted form, thereby limiting the effectiveness of data-stealing attacks through server VM compromise.In this context, the main challenge is to allow the legitimate functionality of the untrusted server VM to work. As a step towards this goal, we develop a tool called AUTOCRYPT, which transforms a subset of existing C functionality in the web stack to operate on encrypted sensitive content. We show that such a transformation is feasible for several standard Unix utilities available in a typical LAMP stack, with no developer effort. Key to achieving this expressiveness over encrypted data, is our scheme to combine and convert between partially-homomorphic encryption (PHE) schemes using a small TCB in the trusted cloud hypervisor. We show that x86 code transformed with AUTOCRYPT achieves performance that is significantly better than its alternatives (downloading to a trusted client, or using fully-homomorphic encryption).

show abstract

Data-Confined HTML5 Applications

Cited by 22 publications

References 27 publications

Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account

Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account

Cloud System for User-Customized Mobile Interface Sharing in Wireless Environment

Autocrypt

Contact Info

Product

Resources

About