|
Identifier |
000347939 |
Title |
xJS : fighting cross-site scripting attacks using isolation operators |
Alternative Title |
Καταπολεμώντας cross-Site scripting επιθέσεις χρησιμοποιώντας τελεστές απομόνωσης |
Author
|
Παππάς, Βασίλειος Γεωργίου
|
Thesis advisor
|
Μαρκάτος, Ευάγγελος Π
|
Abstract |
The Web is a very dynamic ecosystem that is constantly evolving. It started as a collection of static HTML web pages and advanced to rich “Web 2.0” applications. As a side effect, all this new functionality and these new features gave birth to new types of attacks.
In this thesis we focus on Cross-Site Scripting (XSS) attacks. We present new code injection attacks that defeat existing approaches for XSS prevention. This family of attacks resembles the classic return-to-libc attack in native code. Based on our findings, we then present a fast and practical way to isolate all legitimate client-side code from possible code injections. We implement and evaluate our solution in one of the leading web browsers, namely Firefox, and in the Apache web server. Our framework can successfully prevent all 1,152 real-world attacks that were collected from a well-known XSS attack repository. Furthermore, our framework imposes negligible computational overhead on both the server and the client side. Finally, our modifications have no negative side effects on the user’s experience.
|
Language |
English |
Issue date |
2009-06-24 |
Collection
|
School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
|
|
Type of Work--Post-graduate theses
|
Permanent Link |
https://elocus.lib.uoc.gr//dlib/b/4/f/metadata-dlib-20a2dbc2425e386c5313e601bf15465b_1276247550.tkl
|