Modelling and Mitigation of Cross-Origin Request Attacks on Federated Identity Management Using Cross Origin Request Policy
Authors
Abstract
Cross-origin request attacks (CORA) such as cross-site request forgery (CSRF), cross-site timing, etc. continue to pose a threat on the modern-day web. Current browser security policies inadequately mitigate these attacks. Additionally, third-party authentication services are now the preferred way to carry out identity management between multiple enterprises and web applications. This scenario, called Federated Identity Management (FIM), separates the problem of identity management from the core functionality of an application. In this paper, we construct formally checkable models and design laboratory simulations to show that FIM is susceptible to cross-origin attacks. Further, we employ the Cross Origin Request Policy (CORP) to mitigate such attacks.
Similar references
A Formal Model of Web Security Showing Malicious Cross Origin Requests and Its Mitigation using CORP
This document describes a web security model to analyse cross origin requests and block them using CORP, a browser security policy proposed for mitigating Cross Origin Request Attacks (CORA) such as CSRF, Clickjacking, Web application timing, etc. CORP is configured by website administrators and sent as an HTTP response header to the browser. A browser which is CORP-enabled will interpret the p...
A cross-cultural study of request speech act: Iraqi and Malay students
Several studies have indicated that the range and linguistic expressions of external modifiers available in one language differ from those available in another language. The present study aims to investigate the cross-cultural differences and similarities with regard to the realization of request external modifications. To this end, 30 Iraqi and 30 Malay u...
Toward Principled Browser Security
To ensure the confidentiality and integrity of web content, modern web browsers enforce isolation between content and scripts from different domains with the same-origin policy (SOP). However, many web applications require cross-origin sharing of code and data. This conflict between isolation and sharing has led to an ad hoc implementation of the SOP that has proven vulnerable to such attacks a...
Automatic and Precise Client-Side Protection against CSRF Attacks
A common client-side countermeasure against Cross Site Request Forgery (CSRF) is to strip session and authentication information from malicious requests. The difficulty however is in determining when a request is malicious. Existing client-side countermeasures are typically too strict, thus breaking many existing websites that rely on authenticated cross-origin requests, such as sites that use ...
Applying Mitigation Devices in Request Speech Act: Do Gender and Language Proficiency Have any Effect?
This study aims to examine how Iranian EFL learners perceive and apply mitigation devices in request speech act in 4 asymmetrical situations. Role-play interactions and questionnaires were used to elicit the required data from Iranian informants (male vs. female). The results obtained from the analysis of data revealed that in identical situations, male requestors were comparably more certain t...
Publication date: 2017