Whitelisting has become a common practice for ensuring that only trusted application code executes. However, its effectiveness in protecting client-side web application code has not yet been established. In this paper, we study the efficacy of the signature-based whitelisting approach for preventing script injection attacks. This includes a recently proposed W3C recommendation called Subresource Integrity (SRI), which is based on raw script-text signatures. Our 3-month long measurement study shows that applying such raw signatures is not practical. We then present SICILIAN, a novel multi-layered approach for whitelisting scripts that can tolerate changes in them without sacrificing security. Our solution comes with a deployment model called progressive lockdown, which lets browsers assist the server in composing the whitelist. Such assistance from the browser minimizes the burden of building the signature-based whitelist. Our evaluation on Alexa's top 500 sites and 15 popular...
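Added illustration, not code from the paper: a Python model of how a browser checks an SRI `integrity` attribute against fetched script text (only tokens of the strongest supported algorithm count, and any one of them may match), showing that a raw digest breaks on any byte change such as a build stamp. The two script bodies are constructed samples.

```python
import base64
import hashlib
import re

# SRI metadata token for a script body: "<alg>-<base64(digest of raw bytes)>".
def sri_digest(script_text: str, alg: str = "sha384") -> str:
    digest = hashlib.new(alg, script_text.encode("utf-8")).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

# Relative strength of the hash functions SRI supports.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

def sri_matches(script_text: str, integrity: str) -> bool:
    """Model of SRI matching: parse the space-separated token list, ignore
    unparseable tokens, keep only those using the strongest algorithm present,
    and accept the script if any of them equals its freshly computed digest."""
    tokens = []
    for tok in integrity.split():
        m = re.fullmatch(r"(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?", tok)
        if m:
            tokens.append((m.group(1), m.group(2)))
    if not tokens:
        return True  # no usable metadata: the resource is loaded unchecked
    strongest = max(_STRENGTH[alg] for alg, _ in tokens)
    for alg, b64 in tokens:
        if _STRENGTH[alg] == strongest and sri_digest(script_text, alg) == f"{alg}-{b64}":
            return True
    return False

# Constructed samples: the same library served with a changing build stamp.
SCRIPT_V1 = "/* build 2015-03-01 */\nwindow.lib = {v: 1};\n"
SCRIPT_V2 = "/* build 2015-03-02 */\nwindow.lib = {v: 1};\n"

def demo():
    """Pin the digest of V1 as a page author would, then serve V1 and V2."""
    integrity = sri_digest(SCRIPT_V1)
    return sri_matches(SCRIPT_V1, integrity), sri_matches(SCRIPT_V2, integrity)
```

`demo()` returns `(True, False)`: a one-character change in a comment is enough to block the script, which is the brittleness the measurement study above refers to.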