Surviving the Web-Reference-Cited by-同舟云学术

Surviving the Web

Published:2018-01-31 Issue:1 Volume:50 Page:1-34
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Calzavara Stefano¹^ORCID,Focardi Riccardo¹,Squarcina Marco¹,Tempesta Mauro¹

Affiliation:

1. Università Ca’ Foscari, Venezia, Italy

Abstract

In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3038923

Reference91 articles.

1. Towards a Formal Foundation of Web Security

2. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage

3. Adam Barth. 2011a. HTTP State Management Mechanism. Retrieved from http://tools.ietf.org/html/rfc6265. Adam Barth. 2011a. HTTP State Management Mechanism. Retrieved from http://tools.ietf.org/html/rfc6265.

4. Adam Barth. 2011b. The Web Origin Concept. Retrieved from http://tools.ietf.org/html/rfc6454. Adam Barth. 2011b. The Web Origin Concept. Retrieved from http://tools.ietf.org/html/rfc6454.

Cited by 32 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Tabbed Out: Subverting the Android Custom Tab Security Model;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Zt &t: secure service session management using blockchain-based tokens in zero trust networks.;Annals of Telecommunications;2024-02-03

3. Potecting Patient Privacy: Understanding and Classifying Attacks and Vulnerabilities in Web-Based Healthcare Records;Lecture Notes in Networks and Systems;2024

4. Detection of Vulnerability in Websites Predominantly Against CSRF Using Machine Learning;2023 3rd International Conference on Technological Advancements in Computational Sciences (ICTACS);2023-11-01

5. An Empirical Analysis of Web Storage and Its Applications to Web Tracking;ACM Transactions on the Web;2023-10-11