Provably Sound Browser-Based Enforcement of Web Session Integrity

Bugliesi, Michele; Calzavara, Stefano; Focardi, Riccardo; Khan, Wilayat; Tempesta, Mauro

doi:10.1109/csf.2014.33

Cited by 19 publications

(25 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly to the HTTP-Only flag, the Secure flag can be selectively applied to authentication cookies at the client-side, thus achieving additional protection against powerful network attackers [Bugliesi et al 2014a[Bugliesi et al , 2014b. Another solution against eavesdropping is HSTS [Hodges et al 2012], a browser security policy that forces any HTTP communication attempt to protected domains to be upgraded to HTTPS.…”

Section: Eavesdroppingmentioning

confidence: 99%

“…A complementary line of defense, advocated in a series of recent papers, may be built directly within the browser through client-side protection mechanisms [Tang et al 2011;De Ryck et al 2012Bugliesi et al 2014aBugliesi et al , 2014b. The key idea underlying such mechanisms is to apply the security practices neglected by the server by detecting authentication cookies at the client-side and enforcing a more conservative browser behavior when accessing them, for instance by applying them the HTTP-Only flag when it is not set by the web developers.…”

Section: Introductionmentioning

confidence: 97%

See 1 more Smart Citation

A Supervised Learning Approach to Protect Client Authentication on the Web

et al. 2015

Self Cite

View full text Add to dashboard Cite

Browser-based defenses have recently been advocated as an effective mechanism to protect potentially insecure web applications against the threats of session hijacking, fixation, and related attacks. In existing approaches, all such defenses ultimately rely on client-side heuristics to automatically detect cookies containing session information, to then protect them against theft or otherwise unintended use. While clearly crucial to the effectiveness of the resulting defense mechanisms, these heuristics have not, as yet, undergone any rigorous assessment of their adequacy. In this article, we conduct the first such formal assessment, based on a ground truth of 2,464 cookies we collect from 215 popular websites of the Alexa ranking.To obtain the ground truth, we devise a semiautomatic procedure that draws on the novel notion of authentication token, which we introduce to capture multiple web authentication schemes. We test existing browser-based defenses in the literature against our ground truth, unveiling several pitfalls both in the heuristics adopted and in the methods used to assess them. We then propose a new detection method based on supervised learning, where our ground truth is used to train a set of binary classifiers, and report on experimental evidence that our method outperforms existing proposals. Interestingly, the resulting classifiers, together with our hands-on experience in the construction of the ground truth, provide new insight on how web authentication is actually implemented in practice. . 2015. A supervised learning approach to protect client authentication on the web.

show abstract

Section: Eavesdroppingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

A Supervised Learning Approach to Protect Client Authentication on the Web

et al. 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…Later, Bohannon and Pierce [8] developed Featherweight Firefox, a formal model of a simple browser, with the purpose of formally studying confidentiality and integrity policies for browsers, including reactive non-interference policies. This browser model did not yet model session management, and very recently Bugliesi et al [10] developed Flyweight Firefox, a variant of Featherweight Firefox, and provided a formal definition of web session integrity as well as a provably sound enforcement mechanism. The advantage of our approach is that, by providing information flow control instead of access control, we can more precisely enforce session integrity.…”

Section: Formal Models Of Web Session Integritymentioning

confidence: 99%

“…We can do substantially better: instead of dropping such requests, we can strip the session cookie from the request as in other client-side CSRF protection systems [10,14]. We assume the existence of a function strip L…”

Section: Enforcementmentioning

confidence: 99%

“…This is an excellent definition for the purpose of studying CSRF attacks and countermeasures, but the underlying model does not have a sufficiently detailed representation of scripts to study other application-level session integrity issues. In a very recent paper, Bugliesi et al [10] are the first to provide a formal definition of session integrity that is browser-centric and amenable for client-side enforcement. They define how an attacker can influence execution traces of the browser, and then define session integrity as the property that the attacker has no effective way of interfering with an authenticated session.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Client Side Web Session Integrity as a Non-interference Property

Khan

Calzavara

Bugliesi

et al. 2014

Information Systems Security

Self Cite

View full text Add to dashboard Cite

Abstract. Sessions on the web are fragile. They have been attacked successfully in many ways, by network-level attacks, by direct attacks on session cookies (the main mechanism for implementing the session concept) and by application-level attacks where the integrity of sessions is violated by means of cross-site request forgery or malicious script inclusion. This paper defines a variant of non-interference -the classical security notion from information flow security -that can be used to formally define the notion of client-side application-level web session integrity. The paper also develops and proves correct an enforcement mechanism. Combined with state-of-the-art countermeasures for network-level and cookie-level attacks, this enforcement mechanism gives very strong assurance about the client-side preservation of session integrity for authenticated sessions.

show abstract