Verfügbarkeit: Web-based secure application control

Web-based secure application control:

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Braun, Bastian (VerfasserIn)
Format:	Abschlussarbeit Buch
Sprache:	English
Veröffentlicht:	2015
Schlagworte:	Computersicherheit Internet Datensicherung Hochschulschrift
Online-Zugang:	kostenfrei Volltext Inhaltsverzeichnis
Beschreibung:	Zusammenfassung in dt. Sprache
Beschreibung:	185 S. Ill., graph. Darst.

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV042699320
003	DE-604
005	20161124
007	t
008	150716s2015 ad\|\| m\|\|\| 00\|\|\| eng d
035			\|a (OCoLC)914166657
035			\|a (DE-599)BVBBV042699320
040			\|a DE-604 \|b ger \|e rakwb
041	0		\|a eng
049			\|a DE-384 \|a DE-473 \|a DE-703 \|a DE-1051 \|a DE-824 \|a DE-29 \|a DE-12 \|a DE-91 \|a DE-19 \|a DE-1049 \|a DE-92 \|a DE-739 \|a DE-898 \|a DE-355 \|a DE-706 \|a DE-20 \|a DE-1102
084			\|a ST 276 \|0 (DE-625)143642: \|2 rvk
100	1		\|a Braun, Bastian \|e Verfasser \|4 aut
245	1	0	\|a Web-based secure application control \|c Bastian Braun
264		1	\|c 2015
300			\|a 185 S. \|b Ill., graph. Darst.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Zusammenfassung in dt. Sprache
502			\|a Passau, Univ., Diss., 2015
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
650	0	7	\|a Internet \|0 (DE-588)4308416-3 \|2 gnd \|9 rswk-swf
650	0	7	\|a Datensicherung \|0 (DE-588)4011144-1 \|2 gnd \|9 rswk-swf
655		7	\|0 (DE-588)4113937-9 \|a Hochschulschrift \|2 gnd-content
689	0	0	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0	1	\|a Datensicherung \|0 (DE-588)4011144-1 \|D s
689	0	2	\|a Internet \|0 (DE-588)4308416-3 \|D s
689	0		\|5 DE-604
776	0	8	\|i Erscheint auch als \|n Online-Ausgabe \|o urn:nbn:de:bvb:739-opus4-3048
856	4	1	\|u https://opus4.kobv.de/opus4-uni-passau/frontdoor/index/index/docId/304 \|z kostenfrei \|3 Volltext
856	4	1	\|u https://nbn-resolving.org/urn:nbn:de:bvb:739-opus4-3048 \|x Resolving-System \|3 Volltext
856	4	2	\|m Digitalisierung UB Passau - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=028130849&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
912			\|a ebook
999			\|a oai:aleph.bib-bvb.de:BVB01-028130849

Datensatz im Suchindex

_version_	1804174897070473216
adam_text	Contents 1 Introduction 17 1.1 Motivation............................................................ 17 1.2 Thesis Outline and Contributions...................................... 19 1.2.1 Thesis Overview ............................................... 19 1.2.2 Associated Publications ...................................... 21 2 Web Communication and Respective Attacks 23 2.1 Basics of Web Communication........................................... 23 2.2 Authentication .................................................... 23 2.3 Authentication Tracking in the Web.................................... 24 2.4 Control-flow Integrity in Web Applications............................ 25 2.5 Attacks on Web Applications .......................................... 25 2.5.1 Phishing....................................................... 26 2.5.2 Session Hijacking.............................................. 27 2.5.3 Session Fixation............................................... 28 2.5.4 Clickjacking................................................... 31 2.5.5 Cross-site Request Forgery..................................... 33 2.5.6 Exploiting Race Conditions..................................... 34 2.5.7 HTTP Parameter Manipulation.................................... 35 2.5.8 Unsolicited Request Sequences.................................. 36 2.5.9 Forceful Browsing........................................ · · 36 2.5.10 Compromising Use of the “Back” Button.......................... 36 2.5.11 Further Attacks on User Accounts......................... · · 37 3 How Protocols can Meet the Web’s Security Requirements 39 3.1 Connection-oriented and Connectionless Protocols...................... 39 3.2 Connection-oriented Protocols in the Web Stack........................ 41 3.2.1 IPsec........................................................ 41 3.2.2 TCP........................................................... 42 3.2.3 SSL/TLS ..................................................... 43 3.2.4 Wrap-up.................................................. · · 44 3.3 The Unfeasibility of Connection-oriented HTTP . ... ՛................. 45 4 Repelling pre-Authentication Attacks 47 4.1 Motivation............................................................ 47 9 4.2 Exploiting Session Fixation ...................................... 47 4.2.1 Attack Vectors ................................................ 48 4.2.2 Impact and Discussion.......................................... 50 4.2.3 Practical Experiments.......................................... 51 4.3 Server-side Measures Against Session Fixation......................... 54 4.3.1 Code-level Countermeasures..................................... 54 4.3.2 Protection on the Framework Level.............................. 54 4.3.3 Protection via a Reverse Proxy................................. 56 4.3.4 Discussion................................................... 59 4.4 Related Work.......................................................... 60 4.5 Summary .............................................................. 60 4.6 Conclusion........................................................... 61 5 Augmenting Authentication Credentials Against Account Hijacking 63 5.1 Introduction.......................................................... 63 5.2 Augmenting the Password with Transparent Browser Authentication . . 64 5.2.1 Motivation..................................................... 64 5.2.2 The Context of Phishing Attacks................................ 65 5.2.3 PhishSafe...................................................... 69 5.2.4 Implementation................................................. 73 5.2.5 Evaluation..................................................... 76 5.2.6 Summary........................................................ 79 5.3 Augmenting the Session Cookie with User Knowledge to Mitigate Web Session-based Vulnerabilities......................................... 80 5.3.1 Motivation..................................................... 80 5.3.2 The Root Causes of Web Session-based Attacks................... 81 5.3.3 Session Imagination............................................ 82 5.3.4 Evaluation..................................................... 85 5.3.5 Summary........................................................ 88 5.4 Related Work........................................................ 88 5.4.1 Secure Login .................................................. 88 5.4.2 Secure Sessions................................................ 91 5.5 Conclusion........................................................ 91 6 * 6 A Trusted Path for End-to-End Authentication 93 6.1 Motivation............................................................ 93 6.2 Security Threats to Mobile Web Applications ......................... 94 6.2.1 Threat Classes ................................................ 94 6.2.2 On the Infeasibility of Existing Mitigation Approaches in Mobile Web Scenarios................................................... 95 6.2.3 Root Cause Analysis............................................ 96 6.3 Mobile Authenticator................................................... 97 6.3.1 Providing a Trusted Path Through an App........................ 98 6.3.2 Components..................................................... 99 10 6.3.3 Initial Enrollment on the Mobile Device ........................ 99 6.3.4 User Login......................................................100 6.3.5 Conducting Authorized Actions...................................100 6.3.6 Unknown Authorized Actions......................................101 6.3.7 Challenge and Response Formats..................................101 6.4 Implementation.........................................................102 6.4.1 Client-side Implementation......................................102 6.4.2 Server-side Implementation .....................................103 6.5 Evaluation........................................................... 104 6.5.1 Security Evaluation.............................................104 6.5.2 Attacking the MobileAuthenticator...............................105 6.5.3 Usability.......................................................106 6.6 Related Work.........................................................107 6.7 Summary ...............................................................107 6.8 Conclusion.............................................................108 7 Adaptive Security Policies for Web Sessions 109 7.1 Motivation...........................................................109 7.2 The Current State of (Secure) Web Session Tracking ...................Ill 7.2.1 Applicable Attacker Models......................................Ill 7.2.2 Web Session Tracking: Attacks Countermeasures.................111 7.2.3 Permissive and Restrictive Session Tracking Policies............113 7.3 Secure Web Session Tracking: How It Should Be....................114 7.3.1 Goal: State-dependent Session Tracking Behavior.................114 7.3.2 Approach: Server-side Push of the Authentication Status.........115 7.3.3 Restriction of Authenticated Cross-domain Communication to Pub- lic Interfaces.........................................................116 7.3.4 Security Benefits............................................. 117 7.4 Implementation of Client-side Protection.........................117 7.4.1 Detecting Session Status.................................. 118 7.4.2 Protection Features.............................................119 7.5 Evaluation........................................................... 122 7.5.1 Login Detection Quality .................................... 122 7.5.2 Security . .................................................. .124 7.5.3 Functionality of Websites.......................................125 7.6 Related Work...........................................................125 7.7 Summary ............................................................. 126 7.8 Conclusion...........................................................127 8 8 Request Filtering to Preserve Control-flow Integrity 129 8.1 Introduction...........................................................129 8.2 Root Causes for Attacks on Control-flow Integrity......................130 8.3 Survey: Control-flow Integrity Means in Web Application Frameworks . . 131 8.3.1 Probed Web Application Frameworks...............................132 11 8.3.2 Summary.......................................................138 8.4 Enforcing Control-flow Integrity in Web Application Frameworks.......138 8.4.1 Preserving Control-flow Integrity.............................139 8.4.2 Discussion Evaluation.......................................146 8.4.3 Summary.......................................................149 8.5 Providing Ad-hoc Control-flow Integrity for Web Applications.....150 8.5.1 Preserving Control-flow Integrity Ad Hoc......................150 8.5.2 Implementation.............................................. · 154 8.5.3 Evaluation.................................................. 155 8.5.4 Summary................................................... 158 8.6 Related Work..................................... ............. 158 8.6.1 Navigation-restriction Means................................ · 159 8.6.2 State Violation Detection ................................ 159 8.6.3 Client-side Manipulation Detection ......................... 160 8.6.4 Race Conditions............................................. 161 8.6.5 Access Control Mechanisms.....................................161 8.7 Conclusion................................................. 161 9 Conclusion 163 9.1 Summary .............................................................163 9.2 Future Work and Open Problems........................................164 9.3 Outlook..............................................................166 Bibliography 169 12
any_adam_object	1
author	Braun, Bastian
author_facet	Braun, Bastian
author_role	aut
author_sort	Braun, Bastian
author_variant	b b bb
building	Verbundindex
bvnumber	BV042699320
classification_rvk	ST 276
collection	ebook
ctrlnum	(OCoLC)914166657 (DE-599)BVBBV042699320
discipline	Informatik
format	Thesis Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01930nam a2200433 c 4500</leader><controlfield tag="001">BV042699320</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20161124 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">150716s2015 ad\|\| m\|\|\| 00\|\|\| eng d</controlfield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)914166657</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV042699320</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-384</subfield><subfield code="a">DE-473</subfield><subfield code="a">DE-703</subfield><subfield code="a">DE-1051</subfield><subfield code="a">DE-824</subfield><subfield code="a">DE-29</subfield><subfield code="a">DE-12</subfield><subfield code="a">DE-91</subfield><subfield code="a">DE-19</subfield><subfield code="a">DE-1049</subfield><subfield code="a">DE-92</subfield><subfield code="a">DE-739</subfield><subfield code="a">DE-898</subfield><subfield code="a">DE-355</subfield><subfield code="a">DE-706</subfield><subfield code="a">DE-20</subfield><subfield code="a">DE-1102</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Braun, Bastian</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Web-based secure application control</subfield><subfield code="c">Bastian Braun</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2015</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">185 S.</subfield><subfield code="b">Ill., graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Zusammenfassung in dt. Sprache</subfield></datafield><datafield tag="502" ind1=" " ind2=" "><subfield code="a">Passau, Univ., Diss., 2015</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Internet</subfield><subfield code="0">(DE-588)4308416-3</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4113937-9</subfield><subfield code="a">Hochschulschrift</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Internet</subfield><subfield code="0">(DE-588)4308416-3</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Online-Ausgabe</subfield><subfield code="o">urn:nbn:de:bvb:739-opus4-3048</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">https://opus4.kobv.de/opus4-uni-passau/frontdoor/index/index/docId/304</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">https://nbn-resolving.org/urn:nbn:de:bvb:739-opus4-3048</subfield><subfield code="x">Resolving-System</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=028130849&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ebook</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-028130849</subfield></datafield></record></collection>
genre	(DE-588)4113937-9 Hochschulschrift gnd-content
genre_facet	Hochschulschrift
id	DE-604.BV042699320
illustrated	Illustrated
indexdate	2024-07-10T07:07:41Z
institution	BVB
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-028130849
oclc_num	914166657
open_access_boolean	1
owner	DE-384 DE-473 DE-BY-UBG DE-703 DE-1051 DE-824 DE-29 DE-12 DE-91 DE-BY-TUM DE-19 DE-BY-UBM DE-1049 DE-92 DE-739 DE-898 DE-BY-UBR DE-355 DE-BY-UBR DE-706 DE-20 DE-1102
owner_facet	DE-384 DE-473 DE-BY-UBG DE-703 DE-1051 DE-824 DE-29 DE-12 DE-91 DE-BY-TUM DE-19 DE-BY-UBM DE-1049 DE-92 DE-739 DE-898 DE-BY-UBR DE-355 DE-BY-UBR DE-706 DE-20 DE-1102
physical	185 S. Ill., graph. Darst.
psigel	ebook
publishDate	2015
publishDateSearch	2015
publishDateSort	2015
record_format	marc
spelling	Braun, Bastian Verfasser aut Web-based secure application control Bastian Braun 2015 185 S. Ill., graph. Darst. txt rdacontent n rdamedia nc rdacarrier Zusammenfassung in dt. Sprache Passau, Univ., Diss., 2015 Computersicherheit (DE-588)4274324-2 gnd rswk-swf Internet (DE-588)4308416-3 gnd rswk-swf Datensicherung (DE-588)4011144-1 gnd rswk-swf (DE-588)4113937-9 Hochschulschrift gnd-content Computersicherheit (DE-588)4274324-2 s Datensicherung (DE-588)4011144-1 s Internet (DE-588)4308416-3 s DE-604 Erscheint auch als Online-Ausgabe urn:nbn:de:bvb:739-opus4-3048 https://opus4.kobv.de/opus4-uni-passau/frontdoor/index/index/docId/304 kostenfrei Volltext https://nbn-resolving.org/urn:nbn:de:bvb:739-opus4-3048 Resolving-System Volltext Digitalisierung UB Passau - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=028130849&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Braun, Bastian Web-based secure application control Computersicherheit (DE-588)4274324-2 gnd Internet (DE-588)4308416-3 gnd Datensicherung (DE-588)4011144-1 gnd
subject_GND	(DE-588)4274324-2 (DE-588)4308416-3 (DE-588)4011144-1 (DE-588)4113937-9
title	Web-based secure application control
title_auth	Web-based secure application control
title_exact_search	Web-based secure application control
title_full	Web-based secure application control Bastian Braun
title_fullStr	Web-based secure application control Bastian Braun
title_full_unstemmed	Web-based secure application control Bastian Braun
title_short	Web-based secure application control
title_sort	web based secure application control
topic	Computersicherheit (DE-588)4274324-2 gnd Internet (DE-588)4308416-3 gnd Datensicherung (DE-588)4011144-1 gnd
topic_facet	Computersicherheit Internet Datensicherung Hochschulschrift
url	https://opus4.kobv.de/opus4-uni-passau/frontdoor/index/index/docId/304 https://nbn-resolving.org/urn:nbn:de:bvb:739-opus4-3048 http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=028130849&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT braunbastian webbasedsecureapplicationcontrol

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge