Protection against Web 2.0 Client-Side Web Attacks Using Information Flow Control
Title | Protection against Web 2.0 Client-Side Web Attacks Using Information Flow Control |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Sayed, B., Traore, I. |
Conference Name | Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on |
Date Published | May |
ISBN Number | 978-1-4799-2653-4 |
Keywords | AJAX, antivirus solutions, botnets, Browsers, Client-side web attacks, Computer crime, cross-site request forgery, cross-site scripting, cyber-criminals, data protection, feature extraction, firewalls, IDS systems, Information Flow Control, information leakage, Internet, invasive software, legitimate Web sites, malicious script injection, protection systems, secure browsing environment, security, Semantics, Servers, social networks, Web 2.0, Web 2.0 client-side Web attacks, Web pages |
Abstract | The dynamic nature of the Web 2.0 and the heavy obfuscation of web-based attacks complicate the job of the traditional protection systems such as Firewalls, Anti-virus solutions, and IDS systems. It has been witnessed that using ready-made toolkits, cyber-criminals can launch sophisticated attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF) and botnets to name a few. In recent years, cyber-criminals have targeted legitimate websites and social networks to inject malicious scripts that compromise the security of the visitors of such websites. This involves performing actions using the victim browser without his/her permission. This poses the need to develop effective mechanisms for protecting against Web 2.0 attacks that mainly target the end-user. In this paper, we address the above challenges from information flow control perspective by developing a framework that restricts the flow of information on the client-side to legitimate channels. The proposed model tracks sensitive information flow and prevents information leakage from happening. The proposed model when applied to the context of client-side web-based attacks is expected to provide a more secure browsing environment for the end-user. |
URL | https://ieeexplore.ieee.org/document/6844648 |
DOI | 10.1109/WAINA.2014.52 |
Citation Key | 6844648 |
- Information Leakage
- Web pages
- Web 2.0 client-side Web attacks
- Web 2.0
- social networks
- Servers
- Semantics
- security
- secure browsing environment
- protection systems
- malicious script injection
- legitimate Web sites
- invasive software
- internet
- AJAX
- Information Flow Control
- IDS systems
- firewalls
- feature extraction
- Data protection
- cyber-criminals
- cross-site scripting
- cross-site request forgery
- Computer crime
- Client-side web attacks
- Browsers
- botnets
- antivirus solutions