Difference between revisions of "WebFund 2014W Lecture 15"
Jump to navigation
Jump to search
(Created page with "==Web Security== Security is (roughly): * confidentiality * integrity * availability Cryptography (SSL, secure hashes) are tools for achieving security. But they are not the...") |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
The video from the lecture given on March 7, 2014 is available: | |||
* [http://www.screencast.com/t/IPsw3EmQ1 Small from screencast.com] | |||
* [http://www.screencast.com/t/vJp1VpQumCI Large from screencast.com] | |||
* [http://dl.cuol.ca/capture/Anil.Somayaji/COMP_2406_2014W_Lecture_15_-_20140307_142925_27.mp4 Original from CUOL] | |||
==Web Security== | ==Web Security== | ||
Security is (roughly): | Security is (roughly): | ||
| Line 11: | Line 18: | ||
==Threat Models== | ==Threat Models== | ||
* what are the attacker goals? | |||
* how may they achieve them? | |||
* in other words, how are you in danger? What are the risks? | |||
There are always attacks outside of your threat model. | |||
==Attacker Goals== | ==Attacker Goals== | ||
* steal private information (e.g., financial) | |||
* reduce availability | |||
** impact reputation | |||
* perform malicious operations (using existing functionality) | |||
** steal money | |||
** blow up a reactor | |||
** use application to achieve attacker's goals | |||
* monitor usage (spying) | |||
* data tampering | |||
==Points of Vulnerability== | ==Points of Vulnerability== | ||
What access does the attacker have? | |||
# hardware (chips)? | |||
# physical/virtual access to machine? | |||
#* burglary | |||
#* "insider attacks": sysadmins, cloud providers | |||
#* Digital Rights Management (DRM) | |||
# malicious input | |||
Last is most significant for web security | |||
==Input validation== | |||
* hard because application interface/front end is under attacker control | |||
* hardest use case: user-generated input | |||
** input becomes output semi-directly | |||
** (incorporated into web pages) | |||
* one JavaScript context per web page | |||
* DOM is accessible in it => all of the web page is accessible | |||
* easy to trust client, easy to forget "redundant" checks | |||
Latest revision as of 20:44, 9 March 2014
The video from the lecture given on March 7, 2014 is available:
Web Security
Security is (roughly):
- confidentiality
- integrity
- availability
Cryptography (SSL, secure hashes) are tools for achieving security. But they are not the only ones.
Security really matters for web applications because, by design, most are accessible by anyone in the world.
Threat Models
- what are the attacker goals?
- how may they achieve them?
- in other words, how are you in danger? What are the risks?
There are always attacks outside of your threat model.
Attacker Goals
- steal private information (e.g., financial)
- reduce availability
- impact reputation
- perform malicious operations (using existing functionality)
- steal money
- blow up a reactor
- use application to achieve attacker's goals
- monitor usage (spying)
- data tampering
Points of Vulnerability
What access does the attacker have?
- hardware (chips)?
- physical/virtual access to machine?
- burglary
- "insider attacks": sysadmins, cloud providers
- Digital Rights Management (DRM)
- malicious input
Last is most significant for web security
Input validation
- hard because application interface/front end is under attacker control
- hardest use case: user-generated input
- input becomes output semi-directly
- (incorporated into web pages)
- one JavaScript context per web page
- DOM is accessible in it => all of the web page is accessible
- easy to trust client, easy to forget "redundant" checks