These Aren’t the Links You’re Looking For A Security Policy for Web Navigation

dc.contributor.authorBjugård, Adrian
dc.contributor.authorKling, Kim
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)sv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineering (Chalmers)en
dc.description.abstractThe workings of the World Wide Web (WWW) has a history of security problems with a root cause that is hard to fix. Cross-Site Scripting (XSS) and other types of injection attacks can be mitigated to some extent, but for regular Hypertext Markup Language (HTML) and web navigation no mitigation or detection mechanism exist. In the work, attacks to introduce navigation unwanted by the web application are shown together with the current state of the art defences. In the evaluation of defences, it is found that no mechanism has the ability to defend the web application from the injected web navigation. As a solution to this problem the Navigational Security Policy (NSP) is introduced. The NSP is an easy to understand schema enabling web developers to define the set of legal destinations originating from a web application. The NSP is shown to work as expected through the implementation, and an evaluation, of a proof of concept.
dc.subjectData- och informationsvetenskap
dc.subjectComputer and Information Science
dc.titleThese Aren’t the Links You’re Looking For A Security Policy for Web Navigation
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster Thesisen
local.programmeComputer systems and networks (MPCSN), MSc
Ladda ner
Original bundle
Visar 1 - 1 av 1
Bild (thumbnail)
804.99 KB
Adobe Portable Document Format