8/8/2019 Application Level Web Security
Abstracting Application-Level Web Security
David Scott
Laboratory For Communications Engineering
Engineering Department
Trumpington Street
Cambridge CB2 1PZ
Richard Sharp
Computer Laboratory
William Gates Building
JJ Thompson Avenue
Cambridge CB3 0FD
ABSTRACT
Categories and Subject Descriptors
General Terms
Keywords
1. INTRODUCTION
Copyright is held by the author/owner(s). , May 7-11, 2002, Honolulu, Hawaii, USA. ACM 1-58113-449-5/02/0005.
2. APPLICATION-LEVEL SECURITY
Form Modification
SQL Attacks
Cross-Site Scripting
2.1 Motivation and Contributions
3. TECHNICAL DETAILS
[Figure: diagram with components Security Policy Compiler, SPDL Specification, Security Gateway, Web Server, Network, Web Files, Clients]
3.1 System Overview
3.2 Security Policy Description Language
3.4.1 Client-side Form Validation
3.4.2 Message Authentication Codes
3.5 Extensions
3.5.1 Restricting Values of Select Parameters
3.5.2 Protecting against Server Misconfiguration
4. CASE STUDY
5. GENERALISING OUR SYSTEM
[Figure: Additional Latency Per-request (ms) and Total Throughput (Mbits per sec) against Number of client machines; series: HTTP-proxy, Dynamic Generation, Security Gateway]
6. SYSTEM PERFORMANCE
[Figure: Total Throughput (Mbits per sec) against Number of client machines]
7. RELATED WORK
8. CONCLUSIONS AND FURTHER WORK
Acknowledgement
9. REFERENCES