These Aren’t the Links You’re Looking For A Security Policy for Web Navigation
Ladda ner
Typ
Examensarbete för masterexamen
Master Thesis
Master Thesis
Program
Computer systems and networks (MPCSN), MSc
Publicerad
2017
Författare
Bjugård, Adrian
Kling, Kim
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
The workings of the World Wide Web (WWW) has a history of security problems with a root cause that is hard to fix. Cross-Site Scripting (XSS) and other types of injection attacks can be mitigated to some extent, but for regular Hypertext Markup Language (HTML) and web navigation no mitigation or detection mechanism exist. In the work, attacks to introduce navigation unwanted by the web application are shown together with the current state of the art defences. In the evaluation of defences, it is found that no mechanism has the ability to defend the web application from the injected web navigation. As a solution to this problem the Navigational Security Policy (NSP) is introduced. The NSP is an easy to understand schema enabling web developers to define the set of legal destinations originating from a web application. The NSP is shown to work as expected through the implementation, and an evaluation, of a proof of concept.
Beskrivning
Ämne/nyckelord
Data- och informationsvetenskap , Computer and Information Science