Modeling user interactions for (fun and) profit: Preventing request forgery attacks on web applications

Karthick Jayaraman, Paul G. Talaga, Grzegorz Lewandowski, Steve J. Chapin, Munawar Hafiz

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

Abstract

The goal of a web-request forgery attacker is to manipulate the intended workflow of a web application. Applications that fail to enforce the designer-intended interactions are vulnerable to this type of attack. This paper proposes a systematic methodology for designing web applications to strictly enforce the designer-intended interactions. Our approach captures workflow using the Web DFA model and applies four design patterns to strictly enforce the intended interactions. We argue that using patterns in conjunction with a Web DFA model produces web applications that are secure from request forgery attacks by construction; moreover, our mechanism could be useful in designing workflow-based applications in other domains.
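The following is an added illustration of the core idea in the abstract, a server-side automaton that accepts only designer-intended request sequences per session, and is not code from the paper; the checkout states, endpoints, in-memory session store and the per-page single-use token are all constructed here for the example, and the four design patterns the paper applies are not reproduced. Each session carries its DFA state; a request is processed only if (state, method, path) is a declared transition and the request carries the token the server embedded in the page it last served for that state. A forged request that skips steps fails the transition check, and a cross-site request for an otherwise valid next step fails the token check.

```python
"""Session-scoped workflow automaton that rejects out-of-workflow requests.

Added example, not the paper's code. States, endpoints and the session
store are constructed for illustration.
"""
import secrets
from dataclasses import dataclass


class WorkflowViolation(Exception):
    """Raised when a request is not a designer-intended transition."""


# Transition table: (current_state, method, path) -> next_state.
# Any (state, request) pair absent from this table is rejected.
CHECKOUT_TRANSITIONS = {
    ("start",   "GET",  "/cart"):             "cart",
    ("cart",    "POST", "/cart/add"):         "cart",
    ("cart",    "POST", "/checkout"):         "address",
    ("address", "POST", "/checkout/address"): "payment",
    ("payment", "POST", "/checkout/pay"):     "confirmed",
}
CHECKOUT_START = "start"
CHECKOUT_ACCEPTING = frozenset({"confirmed"})


@dataclass
class Session:
    state: str
    token: str  # single-use token embedded in the page served for `state`


class WorkflowEnforcer:
    """Holds one automaton state (plus page token) per session."""

    def __init__(self, transitions, start, accepting):
        self.transitions = transitions
        self.start = start
        self.accepting = accepting
        self.sessions = {}

    def new_session(self):
        sid = secrets.token_hex(8)
        self.sessions[sid] = Session(self.start, secrets.token_urlsafe(16))
        return sid

    def page_token(self, sid):
        """Token the server embeds in the page rendered for the current state."""
        return self.sessions[sid].token

    def handle(self, sid, method, path, token):
        sess = self.sessions[sid]
        # 1. The request must carry the token bound to the page last served.
        if not secrets.compare_digest(token or "", sess.token):
            raise WorkflowViolation(f"{method} {path}: token not bound to state {sess.state!r}")
        # 2. The request must be a declared transition from the current state.
        key = (sess.state, method, path)
        if key not in self.transitions:
            raise WorkflowViolation(f"{method} {path}: not allowed in state {sess.state!r}")
        sess.state = self.transitions[key]
        sess.token = secrets.token_urlsafe(16)  # rotate: each token is single-use
        return sess.state

    def is_complete(self, sid):
        return self.sessions[sid].state in self.accepting


def run_legitimate_checkout(enforcer):
    """Browser follows the intended pages, returning each page's token."""
    sid = enforcer.new_session()
    steps = [("GET", "/cart"), ("POST", "/cart/add"), ("POST", "/checkout"),
             ("POST", "/checkout/address"), ("POST", "/checkout/pay")]
    for method, path in steps:
        enforcer.handle(sid, method, path, enforcer.page_token(sid))
    return enforcer.is_complete(sid)


def run_forged_requests(enforcer):
    """Two forgery attempts against a victim whose session sits in state 'cart'."""
    sid = enforcer.new_session()
    enforcer.handle(sid, "GET", "/cart", enforcer.page_token(sid))
    results = {}
    # (a) Request that skips the address and payment steps; rejected by the
    #     transition check even if the attacker somehow had the page token.
    try:
        enforcer.handle(sid, "POST", "/checkout/pay", enforcer.page_token(sid))
        results["skip_steps"] = "accepted"
    except WorkflowViolation:
        results["skip_steps"] = "rejected"
    # (b) Cross-site request for the valid next step, but without the token
    #     that only the server-rendered cart page carried.
    try:
        enforcer.handle(sid, "POST", "/checkout", None)
        results["no_token"] = "accepted"
    except WorkflowViolation:
        results["no_token"] = "rejected"
    return results


if __name__ == "__main__":
    enf = WorkflowEnforcer(CHECKOUT_TRANSITIONS, CHECKOUT_START, CHECKOUT_ACCEPTING)
    print("legitimate checkout completed:", run_legitimate_checkout(enf))
    print("forged requests:", run_forged_requests(enf))
```

The transition table is the whole policy: a request is not "allowed somewhere in the application" but "allowed from this session's current state", so an endpoint reached out of order is rejected regardless of authentication. The rotating token is what keeps a valid-next-step request tied to the page the server actually served, which the automaton alone cannot do.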

Original language: English (US)
Title of host publication: PLoP09 - 16th Conference on Pattern Languages of Programs, Proceedings
DOI: https://doi.org/10.1145/1943226.1943246
State: Published - Dec 1 2010
Event: 16th Conference on Pattern Languages of Programs, PLoP09 - Chicago, IL, United States
Duration: Aug 28 2009 to Aug 30 2009

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 16th Conference on Pattern Languages of Programs, PLoP09
Country: United States
City: Chicago, IL
Period: 8/28/09 to 8/30/09

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Cite this

Jayaraman, K., Talaga, P. G., Lewandowski, G., Chapin, S. J., & Hafiz, M. (2010). Modeling user interactions for (fun and) profit: Preventing request forgery attacks on web applications. In PLoP09 - 16th Conference on Pattern Languages of Programs, Proceedings [1] (ACM International Conference Proceeding Series). https://doi.org/10.1145/1943226.1943246