WG Attack Taxonomy

An obvious problem in this area is payload inspection of encrypted traffic: since the network-based intrusion detection system (NIDS) commonly has no access to the encryption keys, it can not decrypt the captured data and, therefore, no analysis is possible. From a network perspective it is thus hard to deal with encrypted traffic. However, more and more traffic within networks uses some form of encryption (e.g., IPSec or SSL) and, thus, we need to develop approaches to also deal with this kind of network traffic in the future. Traditional attack venues such as buffer overruns or exploits of input validation errors have been known for a long time and are widely understood. As a result, a large number of defense mechanisms have been devised [16, 18]. For client-side attacks, however, only a few viable defense solutions have emerged so far. These techniques often focus on one particular problem area only and fail to address the larger and more general problem of unauthorized information flow attacks. A distinctive feature of client-side attacks is that security problems often cannot be traced to a particular vulnerability that can be easily fixed. In fact, the danger is precisely that the client’s security policy is not obviously and immediately violated. In case of a cross-site scripting attack, the malicious script is truly sent by the trusted server and thus, has to be granted the privilege to access the session tokens. Similarly, when a user enters sensitive data into a web form on a phishing site or installs spyware, agreeing to the license, one could argue that there is no problem because a deliberate action is taken and information is voluntarily disclosed. Such a point of view, however, neglects the fact that there is an implicit security requirement of users who do not want to disclose their sensitive data. Thus, even when the sameorigin policy is not violated by a cross-site scripting attack, there is an implicit policy that dictates that no sensitive user data should be disclosed to unauthorized parties. Furthermore, sending of code from server to client becomes more and more common (e.g., AJAX sends JavaScript over the network) and this new interaction model poses further challenges since a NIDS would need to inspect and verify the code. By moni-