ePrints.FRI - University of Ljubljana, Faculty of Computer and Information Science

Client-side code security analysis and practical application of CIA principles

Matej Vehar (2017) Client-side code security analysis and practical application of CIA principles. MSc thesis.

[img]
Preview
PDF
Download (1920Kb)

    Abstract

    World Wide Web has become unimaginable without technologies such as JavaScript. More than 94% of web sites use dynamic content, which has increasingly powerful capabilities on clients. Web pages have become mashup of third party libraries, widgets with ads and user generated content that executes in browsers with enabled third party extensions. All those external dependencies are potential entry point for unwanted and malicious code, which can alter page functionalities or abuse sensitive content. In this master thesis we will analyse existing functionalities and approaches to increase security of web pages. Based on the outcomes and the overview of the most abused functions by the XSS attacks we will construct a program library. Purpose of the library will be to enhance security, integrity and availability of the sensitive functions within execution environment of the web content. The Design will be based on the object-capabilities model and will manifest proposed ideas by similar approaches. Since the library will modify execution environment, all modified functions will be tested for execution overhead.

    Item Type: Thesis (MSc thesis)
    Keywords: information security, client, JavaScript, capability model
    Number of Pages: 92
    Language of Content: Slovenian
    Mentor / Comentors:
    Name and SurnameIDFunction
    prof. dr. Denis Trček1121Mentor
    Link to COBISS: http://www.cobiss.si/scripts/cobiss?command=search&base=51012&select=(ID=1537636291)
    Institution: University of Ljubljana
    Department: Faculty of Computer and Information Science
    Item ID: 4006
    Date Deposited: 25 Oct 2017 09:06
    Last Modified: 13 Nov 2017 10:46
    URI: http://eprints.fri.uni-lj.si/id/eprint/4006

    Actions (login required)

    View Item