dc.contributor.advisor |
Calzavara, Stefano |
it_IT |
dc.contributor.author |
Veronese, Lorenzo <1995> |
it_IT |
dc.date.accessioned |
2020-02-16 |
it_IT |
dc.date.accessioned |
2020-06-16T06:12:31Z |
|
dc.date.available |
2021-07-06T07:26:58Z |
|
dc.date.issued |
2020-03-13 |
it_IT |
dc.identifier.uri |
http://hdl.handle.net/10579/16701 |
|
dc.description.abstract |
Modern web applications often rely on third-party services to provide
their functionality to users. The integration of these services is a
non-trivial task and, as shown by the large number of attacks against
Single-Sign-On and Cashier-as-a-Service protocols, often opens up
possibilities for logic flaws in web security protocols.
In this thesis we explore the design challenges of a run-time security
monitor for web protocols, identifying the fundamental ingredients needed
to mitigate logic flaws in multi-party web applications.
We then present a black-box methodology to generate verified monitors
from applied pi-calculus specifications of web protocols. These monitors are
guaranteed to have the security properties defined in the specification
phase and can be deployed on the browser-side (ServiceWorker) and
the server-side (reverse proxy).
We evaluate the effectiveness of the approach by testing it against a
pool of vulnerable applications that use the OAuth 2.0 protocol and that
integrate the PayPal payment system. |
it_IT |
dc.language.iso |
en |
it_IT |
dc.publisher |
Università Ca' Foscari Venezia |
it_IT |
dc.rights |
© Lorenzo Veronese, 2020 |
it_IT |
dc.title |
Run-time Prevention of Logic Flaws in Multi-Party Web Applications |
it_IT |
dc.title.alternative |
Run-time Prevention of Logic Flaws in Multi-Party Web Applications |
it_IT |
dc.type |
Master's Degree Thesis |
it_IT |
dc.degree.name |
Informatica - computer science |
it_IT |
dc.degree.level |
Laurea magistrale |
it_IT |
dc.degree.grantor |
Dipartimento di Scienze Ambientali, Informatica e Statistica |
it_IT |
dc.description.academicyear |
2018/2019, extraordinary session |
it_IT |
dc.rights.accessrights |
embargoedAccess |
it_IT |
dc.thesis.matricno |
852058 |
it_IT |
dc.subject.miur |
INF/01 INFORMATICA |
it_IT |
dc.description.note |
|
it_IT |
dc.degree.discipline |
|
it_IT |
dc.contributor.co-advisor |
|
it_IT |
dc.provenance.upload |
Lorenzo Veronese (852058@stud.unive.it), 2020-02-16 |
it_IT |
dc.provenance.plagiarycheck |
Stefano Calzavara (stefano.calzavara@unive.it), 2020-03-02 |
it_IT |