Sciweavers

ISW
2009
Springer

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

14 years 6 months ago
F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services
The frequency and severity of a number of recent intrusions involving data theft and leakages has shown that online users’ trust, voluntary or not, in the ability of third parties to protect their sensitive data is often unfounded. Data may be exposed anywhere along a corporation’s web pipeline, from the outward-facing web servers to the back-end databases. The problem is exacerbated in service-oriented architectures (SOAs) where data may also be exposed as they transit between SOAs. For example, credit card numbers may be leaked during transmission to or handling by transaction-clearing intermediaries. We present F3ildCrypt, a system that provides end-to-end protection of data across a web pipeline and between SOAs. Sensitive data are protected from their origin (the user’s browser) to their legitimate final destination. To that end, F3ildCrypt exploits browser scripting to enable application- and merchant-aware handling of sensitive data. Such techniques have traditionally bee...
Matthew Burnside, Angelos D. Keromytis
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where ISW
Authors Matthew Burnside, Angelos D. Keromytis
Comments (0)