Analysis and prevention of security threats in web and cryptographic applications

In recent years we have faced a multitude of security flaws posing a serious threat to the whole society, ranging from individuals to national critical infrastructures. For this reason, it is of crucial importance to effectively enforce security on real systems, by identifying flaws and putting in place novel security mechanisms and techniques. Along this path, we provide practical contributions on Web security and cryptographic APIs. We first review the field of Web session security by surveying the most common attacks against web sessions. Existing security solutions are evaluated along four different axes: protection, usability, compatibility and ease of deployment. We also identify a few guidelines that can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way. Additionally, we propose a new browser-side security enforcement technique for Web protocols. The core idea is to extend the browser with a monitor which, given the protocol specification, enforces the required confidentiality and integrity properties, as well as the intended protocol flow. For what concerns the security of cryptographic APIs, we investigate an effective method to monitor existing cryptographic systems in order to detect, and possibly prevent, the leak- age of sensitive cryptographic keys. Key security is stated formally and it is proved that the method is sound, complete and efficient under the assumption that a key fingerprint is given for each sensitive key. We also provide a thoughtful analysis of Java keystores, storage facili- ties to manage and securely store keys in Java applications. We devise a precise threat model and distill a set of security properties. We report on unpublished attacks and weaknesses in implementations that do not adhere to state-of-the-art cryptographic standards and discuss the fixes on popular Java libraries released after our responsible disclosure.