Name
Abstract | ||
|---|---|---|
Security and privacy concerns remain a major factor that hinders the whole scale adoption of web-based technology in sensitive situations, such as financial transactions (Gao and Owolabi, 2008; Lichtenstein and Williamson, 2006). These concerns impact both end users and content generators. To tackle this problem requires a complimentary technology to the already developed and deployed infrastructure for web security. Hence, we have developed a multi-layer framework for web client security based on mobile code instrumentation. This architecture seeks to isolate exploitable security vulnerabilities and enforce runtime policies against malicious code constructs. Our instrumentation process uniquely integrates both static and dynamic engines and is driven by flexible (XML based) rewrite rules for a scalable operation and transparent deployment. Based on secure equivalents for vulnerable JavaScript objects and methods, our mechanism offers superior runtime performance compared to other approaches. Extensive investigation using four case studies shows that the instrumentation technique provides a potential solution to curb the rising number of security exploits that exist on the web today. In addition, performance data gathered from evaluations on active websites demonstrate that the mechanism has very little impact in terms of user experience; thus making it plausible for adoption by end-users. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1016/j.jss.2013.02.047 | Journal of Systems and Software |
Keywords | Field | DocType |
concerns impact,instrumentation process,exploitable security vulnerability,securing web-clients,active web,web client security,mobile code instrumentation,web security,instrumentation technique,security exploit,instrumented code,dynamic runtime monitoring,complimentary technology,css,csrf | Internet security,User experience design,Software engineering,XML,End user,Computer science,Computer security,Security service,Web application security,Content Security Policy,JavaScript | Journal |
Volume | Issue | ISSN |
86 | 6 | 0164-1212 |
Citations | PageRank | References |
2 | 0.39 | 45 |
Authors | ||
2 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Ejike Ofuonye | 1 | 23 | 2.57 |
| James Miller | 2 | 174 | 15.44 |