Cryptographic Web Applications: from Security Engineering to Formal Analysis

Michele Bugliesi; Stefano Calzavara; Alvise Rabitti
2023-01-01

Abstract

We overview the most significant security issues in cryptographic web applications and review the solutions proposed in the literature. We focus in particular on principled techniques amenable to formal verification, for two reasons. First, cryptographic web applications are expected to satisfy strong security and privacy requirements, hence provably sound (or at the very least rigorous) guarantees are desirable. Second, the complexity of the web platform and the huge extension of the attack surface against cryptographic web applications call for a systematic, formal assessment of the entire implementation stack from specification to production code.
2023
Handbook of Formal Analysis and Verification in Cryptography
Files in this item:
File: Handbook-Chapter.pdf (not available)
Type: Pre-print document
License: Closed access - personal
Size: 355.95 kB
Format: Adobe PDF

Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10278/5016383