ESSOS
2010
Springer

CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests

Protecting users in the ubiquitous online world is becoming more and more important, as shown by web application security – or the lack thereof – making the mainstream news. One of the more harmful attacks is cross-site request forgery (CSRF), which allows an attacker to make requests to certain web applications while impersonating the user, without the user's awareness. Existing client-side protection mechanisms do not fully mitigate the problem, or they degrade the user's browsing experience, especially with web 2.0 techniques such as AJAX, mashups and single sign-on. To fill this gap, this paper makes three contributions: first, a thorough analysis of real-world traffic quantifies the amount of cross-domain traffic and identifies its specific properties. Second, a client-side enforcement policy has been constructed and a Firefox extension, named CsFire (CeaseFire), has been implemented to autonomously mitigate CSRF attacks as precisely as possible. Evalua...
Added: 17 Mar 2010
Updated: 17 Mar 2010
Type: Conference
Year: 2010
Where: ESSOS
Authors: Philippe De Ryck, Lieven Desmet, Thomas Heyman, Frank Piessens, Wouter Joosen