How Attackers Threaten the Web

Ryck, Philippe De; Desmet, Lieven; Piessens, Frank; Johns, Martin

doi:10.1007/978-3-319-12226-7_4

Philippe De Ryck¹⁹,
Lieven Desmet¹⁹,
Frank Piessens¹⁹ &
…
Martin Johns²⁰

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

1223 Accesses

Abstract

Since the Web is an important application platform, it is a high profile target for attackers. Different attackers have different capabilities, and certain vulnerabilities require a specific set of capabilities to be exploited. These capabilities are generally captured in a threat model, describing what an attacker can and cannot do. In this chapter, we provide an overview of the relevant academic threat models for the Web. Since these models are often highly tailored to a specific problem statement and solution, their slight differences make it difficult to compare threat models. Therefore, we decompose every threat model into concrete attacker capabilities, enabling a conceptual comparison of the threat models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 44.99; Price excludes VAT (USA)

Softcover Book: USD 59.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Akhawe, D., Barth, A., Lam, P.E., Mitchell, J.C., Song, D.: Towards a formal foundation of web security. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 290–304 (2010)
Google Scholar
Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS), pp. 75–88 (2008)
Google Scholar
Barth, A., Jackson, C., Mitchell, J.C.: Securing frame communication in browsers. Commun. ACM 52(6), 83–91 (2009)
Article Google Scholar
Bortz, A., Barth, A., Czeskis, A.: Origin cookies: Session integrity for Web applications. Web 2.0 security and privacy (W2SP) (2011)
Google Scholar
Farrel, S., Tschofenig, H.: Pervasive monitoring is an Attack. RFC Best Current Practice (RFC 7258) (2014)
Google Scholar
Jackson, C., Barth, A.: Beware of finer-grained origins. Web 2.0 Security and Privacy (W2SP) (2008)
Google Scholar
Jackson, C., Barth, A.: Force HTTPS: Protecting high-security web sites from network attacks. In: Proceedings of the 17th International Conference on World Wide Web (WWW), pp. 525–534 (2008)
Google Scholar
The Guardian: Edward Snowden. http://www.theguardian.com/world/edward-snowden (2013)

Download references

Author information

Authors and Affiliations

iMinds-DistriNet, KU Leuven, Heverlee, Belgium
Philippe De Ryck, Lieven Desmet & Frank Piessens
SAP Research, Karlsruhe, Germany
Martin Johns

Authors

Philippe De Ryck
View author publications
You can also search for this author in PubMed Google Scholar
Lieven Desmet
View author publications
You can also search for this author in PubMed Google Scholar
Frank Piessens
View author publications
You can also search for this author in PubMed Google Scholar
Martin Johns
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philippe De Ryck .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Ryck, P., Desmet, L., Piessens, F., Johns, M. (2014). How Attackers Threaten the Web. In: Primer on Client-Side Web Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-12226-7_4

Download citation

DOI: https://doi.org/10.1007/978-3-319-12226-7_4
Published: 26 November 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12225-0
Online ISBN: 978-3-319-12226-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics