A Security-Oriented Analysis of Web Inclusions in the Italian Public Administration-Reference-Cited by-同舟云学术

A Security-Oriented Analysis of Web Inclusions in the Italian Public Administration

Published:2018-11-01 Issue:4 Volume:18 Page:94-110
ISSN:1314-4081
Container-title:Cybernetics and Information Technologies
language:en
Short-container-title:

Author:

Bartoli A.¹,De Lorenzo A.¹,Medvet E.¹,Faraguna M.¹,Tarlao F.¹

Affiliation:

1. Dipartimento di Ingegneria e Architettura , University of Trieste , Italy

Abstract

Abstract Modern web sites serve content that browsers fetch automatically from a number of different web servers that may be placed anywhere in the world. Such content is essential for defining the appearance and behavior of a web site and is thus a potential target for attacks. Many public administrations offer services on the web, thus we have entered a world in which web sites of public interest are continuously and systematically depending on web servers that may be located anywhere in the world and are potentially under control of other governments. In this work we focus on these issues by investigating the content included by almost 10000 web sites of the Italian Public Administration. We analyse the nature of such content, its quantity, its geographical location, the amount of dynamic variations over time. Our analyses demonstrate that the perimeter of trust of the Italian Public Administration collectively includes countries that are well beyond the control of the Italian government and provides several insights useful for implementing a centralized monitoring service aimed at detecting anomalies.

Publisher

Walter de Gruyter GmbH

Subject

General Computer Science

Link

https://www.sciendo.com/pdf/10.2478/cait-2018-0050

Reference43 articles.

1. 1. Nikiforakis, N., L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel et al. You Are What You Include: Large-Scale Evaluation of Remote Javascript Inclusions. – In: Proc. of 2012 ACM Conference on Computer and Communications Security (CCS’12), New York, NY, USA, ACM Press, 2012, p. 736.

2. 2. Uesugi, S. You Could’ve Submitted a Pull Request to Inject Arbitrary JS Code into Donald Trump’s Site. – In: Medium [Internet]. Medium, 18 August 2016 [Cited 21 August 2018]. https://medium.com/@chibicode/you-can-submit-a-pull-request-to-inject-arbitrary-js-code-into-donald-trumps-site-here-s-how-782aa6a17a56

3. 3. Hunt, T. The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries. – In: Troy Hunt Blog [Internet]. Troy Hunt, 12 February 2018 [Cited 21 August 2018]. https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/

4. 4. Zhou, N. Cryptojacking Attack Hits Australian Government Websites. – The Guardian, 12 February 2018. Accessed 21 August 2018. http://www.theguardian.com/technology/2018/feb/12/cryptojacking-attack-hits-australian-government-websites

5. 5. Lomas, N. Cryptojacking Attack Hits ~4,000 Websites, Including UK’s Data Watchdog. TechCrunch. TechCrunch; 12 February 2018. Accessed 21 August 2018. http://social.techcrunch.com/2018/02/12/ico-snafu/

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Visualizing Interesting Patterns in Cyber Threat Intelligence Using Machine Learning Techniques;Cybernetics and Information Technologies;2022-06-01

2. Robustness analysis of DNS paths and web access paths in public administration websites;Computer Communications;2021-12

3. Assessing the sovereignty and security of the Austrian internet;2020 International Conference on Software Security and Assurance (ICSSA);2020-10