dc.contributor.advisor | Knapskog, Svein Johan | nb_NO |
dc.contributor.advisor | J. Knapskog, Svein | nb_NO |
dc.contributor.advisor | Sjödin, Peter | nb_NO |
dc.contributor.advisor | Bolstad, Lars Erik | nb_NO |
dc.contributor.author | Prabhakara, Deepak | nb_NO |
dc.date.accessioned | 2014-12-19T14:12:25Z | |
dc.date.available | 2014-12-19T14:12:25Z | |
dc.date.created | 2010-09-03 | nb_NO |
dc.date.issued | 2009 | nb_NO |
dc.identifier | 347734 | nb_NO |
dc.identifier | ntnudaim:4177 | nb_NO |
dc.identifier.uri | http://hdl.handle.net/11250/261782 | |
dc.description.abstract | The Web has evolved to support sophisticated web applications. These web applications are exposed to a number of attacks and vulnerabilities. The existing security model is unable to cope with these increasing attacks and there is a need for a new security model that not only provides the required security but also supports recent advances like AJAX and mashups. The attacks on client-side Web Applications can be attributed to four main reasons – 1) lack of a security context for Web Browsers to take decisions on the legitimacy of requests, 2) inadequate JavaScript security, 3) lack of a Network Access Control and 4) lack of security in Cross-Domain Web Applications. This work explores these four reasons and proposes a new security model that attempts to improve overall security for Web Applications. The proposed security model allows developers of Web Applications to define fine-grained security policies and Web Browsers enforce these rules; analogous to a configurable firewall for each Web Application. The Browser disallows all unauthorized requests, thus preventing most common attacks like Cross-Site Script Injections, Cross-Frame Scripting and Cross-Site Tracing. In addition, the security model defines a framework for secure Cross-Domain Communication, thus allowing secure mashups of Web Services. The security model is backward compatible, does not affect the current usability of the Web Applications and has cross-platform applicability. The proposed security model was proven to protect against most common attacks, by a proof-of-concept implementation that was tested against a comprehensive list of known attacks. | nb_NO |
dc.language | eng | nb_NO |
dc.publisher | Institutt for telematikk | nb_NO |
dc.subject | ntnudaim | no_NO |
dc.subject | SIE7 kommunikasjonsteknologi | no_NO |
dc.subject | Telematikk | no_NO |
dc.title | Web Applications Security: A security model for client-side web applications | nb_NO |
dc.type | Master thesis | nb_NO |
dc.source.pagenumber | 72 | nb_NO |
dc.contributor.department | Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for telematikk | nb_NO |