Title: Light-Weight CSRF Protection by Labeling User-Created Contents
Authors: Sung, Yin-Chang
Cho, Michael Cheng Yi
Wang, Chi-Wei
Hsu, Chia-Wei
Shieh, Shiuhpyng Winston
Department of Computer Science
Keywords: cross-site request forgery; light-weight; Web 2.0; user-created contents
Publication date: 2013
Abstract: Cross-site request forgery (CSRF/XSRF) is a serious vulnerability in the Web 2.0 environment. With CSRF, an adversary can spoof the payload of an HTTP request and entice the victim's browser to transmit an HTTP request to the web server. Consequently, the server cannot determine the legitimacy of the HTTP request. This paper presents a light-weight CSRF prevention method by introducing a quarantine system to inspect suspicious scripts on the server side. Instead of using a script filtering and rewriting approach, this scheme is based on a new labeling mechanism (we call it Content Box) which enables the web server to distinguish malicious requests from harmless requests without the need to modify the user-created contents (UCCs). Consequently, a malicious request can be blocked when it attempts to access critical web services that were defined by the web administrator. To demonstrate the effectiveness of the proposed scheme, it was implemented and its performance was evaluated.
URI: http://hdl.handle.net/11536/23078
http://dx.doi.org/10.1109/SERE.2013.22
ISBN: 978-0-7695-5021-3
DOI: 10.1109/SERE.2013.22
Journal: 2013 IEEE 7TH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY (SERE)
Start page: 60
End page: 69
Appears in Collections: Conferences Paper