Securing web-clients with instrumented code and dynamic runtime monitoring

► Highly robust proxy based framework that can intercept HTTP request/response.
► A comprehensive HTTP traffic transformation XML rules schema.
► Self-contained, in-browser security manager for the JavaScript Language.
► A collection of secure JavaScript equivalent objects.
Security and privacy conc...

Detailed description

Bibliographic details
Published in: The Journal of systems and software 2013-06, Vol.86 (6), p.1689-1711
Main authors: Ofuonye, Ejike; Miller, James
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 1711
container_issue 6
container_start_page 1689
container_title The Journal of systems and software
container_volume 86
creator Ofuonye, Ejike
Miller, James
description ► Highly robust proxy based framework that can intercept HTTP request/response.
► A comprehensive HTTP traffic transformation XML rules schema.
► Self-contained, in-browser security manager for the JavaScript Language.
► A collection of secure JavaScript equivalent objects.
Security and privacy concerns remain a major factor that hinders the wholesale adoption of web-based technology in sensitive situations, such as financial transactions (Gao and Owolabi, 2008; Lichtenstein and Williamson, 2006). These concerns impact both end users and content generators. To tackle this problem requires a complementary technology to the already developed and deployed infrastructure for web security. Hence, we have developed a multi-layer framework for web client security based on mobile code instrumentation. This architecture seeks to isolate exploitable security vulnerabilities and enforce runtime policies against malicious code constructs. Our instrumentation process uniquely integrates both static and dynamic engines and is driven by flexible (XML based) rewrite rules for a scalable operation and transparent deployment. Based on secure equivalents for vulnerable JavaScript objects and methods, our mechanism offers superior runtime performance compared to other approaches. Extensive investigation using four case studies shows that the instrumentation technique provides a potential solution to curb the rising number of security exploits that exist on the web today. In addition, performance data gathered from evaluations on active websites demonstrate that the mechanism has very little impact in terms of user experience; thus making it plausible for adoption by end-users.
doi_str_mv 10.1016/j.jss.2013.02.047
format Article
fulltext fulltext
identifier ISSN: 0164-1212
ispartof The Journal of systems and software, 2013-06, Vol.86 (6), p.1689-1711
issn 0164-1212
1873-1228
language eng
recordid cdi_proquest_miscellaneous_1365155154
source ScienceDirect Journals (5 years ago - present)
subjects Computer architecture
CSRF
CSS
Dynamical systems
Dynamics
End users
Extensible Markup Language
Instrumentation
Java
Network security
Policies
Privacy
Run time (computers)
Scalability
Secure browsing
Security
Security management
Security system
Studies
Web browsing security
title Securing web-clients with instrumented code and dynamic runtime monitoring
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T04%3A13%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Securing%20web-clients%20with%20instrumented%20code%20and%20dynamic%20runtime%20monitoring&rft.jtitle=The%20Journal%20of%20systems%20and%20software&rft.au=Ofuonye,%20Ejike&rft.date=2013-06&rft.volume=86&rft.issue=6&rft.spage=1689&rft.epage=1711&rft.pages=1689-1711&rft.issn=0164-1212&rft.eissn=1873-1228&rft.coden=JSSODM&rft_id=info:doi/10.1016/j.jss.2013.02.047&rft_dat=%3Cproquest_cross%3E1365155154%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1334927512&rft_id=info:pmid/&rft_els_id=S0164121213000514&rfr_iscdi=true