Enforcing Session Integrity in the World "Wild" Web


dc.contributor.advisor Focardi, Riccardo it_IT
dc.contributor.author Tempesta, Mauro <1990> it_IT
dc.date.accessioned 2015-02-10 it_IT
dc.date.accessioned 2015-07-04T14:47:10Z
dc.date.available 2015-07-04T14:47:10Z
dc.date.issued 2015-03-12 it_IT
dc.identifier.uri http://hdl.handle.net/10579/5982
dc.description.abstract Over the last few years, client-side attacks against web sessions have accounted for a relevant subset of web security incidents. Existing solutions proposed in the literature and by web standards, though interesting, typically address only specific classes of attacks and thus fall short of providing robust foundations to reason about web authentication security. In this thesis we provide such foundations by introducing a novel notion of web session integrity, which allows us to capture many existing attacks and spot some new ones. We present FF+, a formal model of a security-enhanced browser that provides a complete and provably sound enforcement of web session integrity. Our theory serves as a basis for the development of SessInt, a client-side solution, implemented as a Google Chrome extension, which provides a level of security very close to FF+, while keeping an eye on usability and user experience. it_IT
dc.language.iso it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Mauro Tempesta, 2015 it_IT
dc.title Enforcing Session Integrity in the World "Wild" Web it_IT
dc.title.alternative it_IT
dc.type Master's Degree Thesis it_IT
dc.degree.name Informatica - computer science it_IT
dc.degree.level Laurea magistrale it_IT
dc.degree.grantor Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear 2013/2014, sessione straordinaria it_IT
dc.rights.accessrights openAccess it_IT
dc.thesis.matricno 827400 it_IT
dc.subject.miur it_IT
dc.description.note it_IT
dc.degree.discipline it_IT
dc.contributor.co-advisor it_IT
dc.date.embargoend it_IT
dc.provenance.upload Mauro Tempesta (827400@stud.unive.it), 2015-02-10 it_IT
dc.provenance.plagiarycheck Riccardo Focardi (focardi@unive.it), 2015-02-16 it_IT

