Abstract
Since the Web is an important application platform, it is a high-profile target for attackers. Different attackers have different capabilities, and certain vulnerabilities require a specific set of capabilities to be exploited. These capabilities are generally captured in a threat model, describing what an attacker can and cannot do. In this chapter, we provide an overview of the relevant academic threat models for the Web. Since these models are often highly tailored to a specific problem statement and solution, their slight differences make it difficult to compare threat models. Therefore, we decompose every threat model into concrete attacker capabilities, enabling a conceptual comparison of the threat models.
Copyright information
© 2014 Philippe De Ryck, Lieven Desmet, Frank Piessens, Martin Johns
About this chapter
Cite this chapter
Ryck, P., Desmet, L., Piessens, F., Johns, M. (2014). How Attackers Threaten the Web. In: Primer on Client-Side Web Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-12226-7_4
DOI: https://doi.org/10.1007/978-3-319-12226-7_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12225-0
Online ISBN: 978-3-319-12226-7
eBook Packages: Computer Science (R0)