Do Not Trust the Clouds Easily: The Insecurity of Content Security Policy Based on Object Storage

Lv, Yangzixing; Shi, Wei; Zhang, Weiyong; Lu, Hui; Tian, Zhihong

doi:10.1109/jiot.2023.3238658

Cited by 7 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Of particular concern is the vulnerability of JavaScript in supply chain attacks [23,24,25], highlighting de ciencies in verifying the integrity of third-party script content, making JavaScript a potential threat that jeopardizes user security. To enhance the security of government websites, security measures such as Subresource Integrity (SRI) [26] and Content Security Policy (CSP) [27,28,29,30,31,32] become crucial. These measures help mitigate security risks faced by government websites and enhance their resilience against malicious attacks.…”

Section: Related Workmentioning

confidence: 99%

SilkSecured: A Comprehensive Analysis of Security and Dependencies in China's Governmental Web Systems

Zuo,

Cheng,

et al. 2024

Preprint

View full text Add to dashboard Cite

The study "SilkSecured" delves into the practice of governmental web systems in China. It scrutinizes the security and dependency challenges besieging China's governmental web infrastructure, with an intent to unearth pivotal concerns and proffer enhancements. The inquiry reveals substantial vulnerabilities and dependencies that could impede the digital efficacy and safety of governmental web systems. To counter these identified frailties, "SilkSecured" presents a suite of strategic recommendations tailored to bolster the digital fortitude of China's governmental web infrastructure. It underscores the critical need for robust domain name resolution services to assure secure and reliable access to government websites. The study accentuates the necessity for stringent vetting and regular updates of third-party libraries, aiming to avert potential security threats. Furthermore, it advocates for an optimized deployment of web systems by advocating for a diversified distribution of network nodes, which could substantially augment system resilience and performance. Through this comprehensive analysis, "SilkSecured" aspires to serve as a beacon for governmental departments, championing the ongoing enhancement of security protocols within China's governmental web domains. This initiative is envisioned to fortify the digital infrastructure against the spectrum of evolving cyber threats, thus safeguarding the digital governance ecosystem in China. The recommendations provided aim to underpin the robustness and reliability of governmental web systems, ensuring their integrity in the digital era.

show abstract

Section: Related Workmentioning

confidence: 99%

SilkSecured: A Comprehensive Analysis of Security and Dependencies in China's Governmental Web Systems

Zuo,

Cheng,

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Perkembangan teknologi yang pesat beriringan dengan perkembangan teknik kejahatan siber. Serangan siber memiliki dampak yang besar pada penyimpanan data (Lv et al, 2023;Mijwil et al, 2023). SSD adalah salah satu alat penyimpanan yang sering digunakan saat ini (Lv et al, 2020;Liu et al, 2022).…”

Section: Pendahuluanunclassified

Teknik Disk Carving untuk Recovery Solid State Drive Volume ReFS dan NTFS dengan Fitur TRIM

Muhardinata,

Luthfi,

Ramadhani

2023

jiip

View full text Add to dashboard Cite

Resilient File Sistem (ReFS) dan New Technology File System (NTFS) memiliki informasi metadata yang berbeda, sehingga membuat proses pemulihan data yang telah dihapus secara permanen menjadi sulit. Ini disebabkan oleh fakta bahwa alat analisis forensik yang umum digunakan bergantung pada tabel master file sistem yang tidak dapat dibaca pada volume ReFS. Perbedaan dalam metadata ini juga memengaruhi fitur TRIM pada Solid State Drive (SSD). Penelitian ini bertujuan untuk menguji pengaruh Teknik Disk Carving pada SSD dengan volume ReFS dan NTFS. Kami menggunakan metode Forensika Langsung yang mengikuti Standar Nasional Indonesia (SNI) 27037:2014. Metode ini dipilih karena memungkinkan kami untuk mengambil lebih banyak data dengan menggunakan alat seperti FTKImager. Kami mengumpulkan 34 sampel data dari volume ReFS dan 34 sampel data dari volume NTFS pada SSD dengan TRIM dinonaktifkan dan diaktifkan. Hasil penelitian menunjukkan bahwa data yang berhasil dipulihkan pada SSD dengan TRIM aktif adalah sekitar 9% pada volume NTFS, sementara pada volume ReFS data yang berhasil dipulihkan adalah 0%. Namun, pada SSD dengan TRIM dinonaktifkan semua data berhasil dipulihkan pada volume NTFS, sementara pada volume ReFS sekitar 74% data berhasil dipulihkan. Kesimpulannya setelah penelitian ini, data pada sistem file ReFS dengan TRIM dinonaktifkan dapat dibaca kembali melalui teknik disk carving. Sistem file juga memengaruhi SSD dengan fitur TRIM yang diaktifkan. Setelah pemulihan data pada volume ReFS dengan TRIM aktif, data akan muncul dalam bentuk folder tanpa nilai HASH, sementara pada volume NTFS dengan TRIM aktif, data tetap utuh tetapi sebagian besar memiliki nilai kunci HASH yang berbeda dari file aslinya.

show abstract

Against Credential Thief - A Modular Honeytoken Based Framework

Nie,

Tan

2024

Mechanisms and Machine Science

View full text Add to dashboard Cite

Do Not Trust the Clouds Easily: The Insecurity of Content Security Policy Based on Object Storage

Cited by 7 publications

References 21 publications

SilkSecured: A Comprehensive Analysis of Security and Dependencies in China's Governmental Web Systems

SilkSecured: A Comprehensive Analysis of Security and Dependencies in China's Governmental Web Systems

Teknik Disk Carving untuk Recovery Solid State Drive Volume ReFS dan NTFS dengan Fitur TRIM

Against Credential Thief - A Modular Honeytoken Based Framework

Contact Info

Product

Resources

About