Identifier 000347939
Title xJS : fighting cross-site scripting attacks using isolation operators
Alternative Title Fighting cross-site scripting attacks using isolation operators
Author Παππάς, Βασίλειος Γεωργίου
Thesis advisor Μαρκάτος, Ευάγγελος Π
Abstract The Web is a very dynamic ecosystem that is constantly evolving. It started as a collection of static HTML web pages and advanced to rich “Web 2.0” applications. As a side effect, all this new functionality and these features gave birth to new types of attacks. In this thesis we focus on Cross-Site Scripting (XSS) attacks. We present new code injection attacks that defeat existing approaches for XSS prevention. This family of attacks resembles the classic return-to-libc attack in native code. Based on our findings, we proceed to present a fast and practical way to isolate all legitimate client-side code from possible code injections. We implement and evaluate our solution in one of the leading web browsers, namely Firefox, and in the Apache web server. Our framework can successfully prevent all 1,152 real-world attacks that were collected from a well-known XSS attack repository. Furthermore, our framework imposes negligible computational overhead on both the server and the client side. Finally, our modifications have no negative side effects on the user’s experience.
Language English
Issue date 2009-06-24
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Permanent Link https://elocus.lib.uoc.gr//dlib/b/4/f/metadata-dlib-20a2dbc2425e386c5313e601bf15465b_1276247550.tkl