In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: Protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.
Surviving the Web: A Journey into Web Session Security
CALZAVARA, STEFANO;FOCARDI, Riccardo;SQUARCINA, MARCO;TEMPESTA, MAURO
2017-01-01
Abstract
In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: Protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.File | Dimensione | Formato | |
---|---|---|---|
main.pdf
accesso aperto
Tipologia:
Documento in Pre-print
Licenza:
Accesso chiuso-personale
Dimensione
325.26 kB
Formato
Adobe PDF
|
325.26 kB | Adobe PDF | Visualizza/Apri |
csur-17.pdf
non disponibili
Tipologia:
Versione dell'editore
Licenza:
Accesso chiuso-personale
Dimensione
409.62 kB
Formato
Adobe PDF
|
409.62 kB | Adobe PDF | Visualizza/Apri |
I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.