TY - GEN
T1 - Position paper
T2 - 2011 New Security Paradigms Workshop, NSPW'11
AU - Du, Wenliang
AU - Jayaraman, Karthick
AU - Tan, Xi
AU - Luo, Tongbo
AU - Chapin, Steve
PY - 2011
Y1 - 2011
N2 - As the Web has become more and more ubiquitous, the number of attacks on web applications has increased substantially. According to a recent report, over 80 percent of web applications have had at least one serious vulnerability. This percentage is alarmingly higher than that of traditional applications. Something must be fundamentally wrong in the web infrastructure. Based on our research, we have formulated the following position: when choosing the stateless framework for the Web, we ignored a number of security properties that are essential to applications. As a result, the Trusted Computing Base (TCB) of the Web has significant weaknesses. To build secure stateful applications on top of a weakened TCB, developers have to implement extra protection logic in their web applications, making development difficult and error-prone, and thereby causing a number of security problems in web applications. In this paper, we present evidence, justification, and in-depth analysis to support this position.
KW - access control
KW - browser
KW - web security
KW - web server
UR - http://www.scopus.com/inward/record.url?scp=84855668211&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84855668211&partnerID=8YFLogxK
U2 - 10.1145/2073276.2073285
DO - 10.1145/2073276.2073285
M3 - Conference contribution
AN - SCOPUS:84855668211
SN - 9781450310789
T3 - Proceedings New Security Paradigms Workshop
SP - 83
EP - 93
BT - NSPW'11 - Proceedings of the 2011 New Security Paradigms Workshop
Y2 - 12 September 2011 through 15 September 2011
ER -