Visible to the public Protection against Web 2.0 Client-Side Web Attacks Using Information Flow Control

TitleProtection against Web 2.0 Client-Side Web Attacks Using Information Flow Control
Publication TypeConference Paper
Year of Publication2014
AuthorsSayed, B., Traore, I.
Conference NameAdvanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
Date PublishedMay
ISBN Number978-1-4799-2653-4
KeywordsAJAX, antivirus solutions, botnets, Browsers, Client-side web attacks, Computer crime, cross-site request forgery, cross-site scripting, cyber-criminals, data protection, feature extraction, firewalls, IDS systems, Information Flow Control, information leakage, Internet, invasive software, legitimate Web sites, malicious script injection, protection systems, secure browsing environment, security, Semantics, Servers, social networks, Web 2.0, Web 2.0 client-side Web attacks, Web pages
Abstract

The dynamic nature of the Web 2.0 and the heavy obfuscation of web-based attacks complicate the job of the traditional protection systems such as Firewalls, Anti-virus solutions, and IDS systems. It has been witnessed that using ready-made toolkits, cyber-criminals can launch sophisticated attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF) and botnets to name a few. In recent years, cyber-criminals have targeted legitimate websites and social networks to inject malicious scripts that compromise the security of the visitors of such websites. This involves performing actions using the victim browser without his/her permission. This poses the need to develop effective mechanisms for protecting against Web 2.0 attacks that mainly target the end-user. In this paper, we address the above challenges from information flow control perspective by developing a framework that restricts the flow of information on the client-side to legitimate channels. The proposed model tracks sensitive information flow and prevents information leakage from happening. The proposed model when applied to the context of client-side web-based attacks is expected to provide a more secure browsing environment for the end-user.

URLhttps://ieeexplore.ieee.org/document/6844648
DOI10.1109/WAINA.2014.52
Citation Key6844648