izpis_h1_title_alt

Varovanje kode na odjemalcu z analizo in praktično uporabo principov CIA
ID Vehar, Matej (Author), ID Trček, Denis (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,89 MB)
MD5: 280B9A9C298B69E6DD1677DD69B1FF00
PID: 20.500.12556/rul/28a33874-6e85-462f-858e-aaf3a6bc8f74

Abstract
Splet je postal nepredstavljiv brez tehnologij, kot je JavaScript. Več kot 94% spletnih strani vsebuje dinamično vsebino, ki ima vedno več zmožnosti na odjemalcih. Spletne strani so postale interaktivna zmes, ki vsebuje zunanje knjižnice, gradnike z oglasi in uporabniško vsebino ter so prikazane v brskalnikih, ki imajo prav tako nameščene dodatke iz zunanjih virov. Vsi ti zunanji viri lahko predstavljajo vstopno točko za poljubno potencialno zlonamerno vsebino, ki lahko spremeni delovanje spletne strani ali jo zlorabi podatke na njej. V magistrskem delu bodo raziskani obstoječi pristopi za doseganje večje varnosti pri razvoju spletne vsebine oziroma programske kode za odjemalce. Na podlagi ugotovitev iz obstoječih ukrepov in pregleda pogostih funkcionalnosti, ki jih zlorabljajo XSS napadi bo pripravljena knjižnica za okrepitev zaupnosti, integritete in razpoložljivosti (t.i. CIA triada) občutljivih funkcij okolja spletne aplikacije. Knjižnica bo temeljila na objektno zmožnostnem modelu in bo nadaljevanje idej nekaterih obstoječih rešitev. Knjižnica bo prilagodila okolje v katerem se izvaja vsebina, zato bodo izvedeni testi, ki bodo preverili vpliv na delovanje posameznih zaščitenih funkcij.

Language:Slovenian
Keywords:informacijska varnost, odjemalec, JavaScript, zmožnostni model
Work type:Master's thesis/paper
Organization:FRI - Faculty of Computer and Information Science
Year:2017
PID:20.500.12556/RUL-97599 This link opens in a new window
Publication date in RUL:27.10.2017
Views:1423
Downloads:595
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Client-side code security analysis and practical application of CIA principles
Abstract:
World Wide Web has become unimaginable without technologies such as JavaScript. More than 94% of web sites use dynamic content, which has increasingly powerful capabilities on clients. Web pages have become mashup of third party libraries, widgets with ads and user generated content that executes in browsers with enabled third party extensions. All those external dependencies are potential entry point for unwanted and malicious code, which can alter page functionalities or abuse sensitive content. In this master thesis we will analyse existing functionalities and approaches to increase security of web pages. Based on the outcomes and the overview of the most abused functions by the XSS attacks we will construct a program library. Purpose of the library will be to enhance security, integrity and availability of the sensitive functions within execution environment of the web content. The Design will be based on the object-capabilities model and will manifest proposed ideas by similar approaches. Since the library will modify execution environment, all modified functions will be tested for execution overhead.

Keywords:information security, client, JavaScript, capability model

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back