Venue | Category |
---|---|
TrustCom'11 | Network Security |
A Privacy-Preserving Defense Mechanism Against Request Forgery Attacks

1. Summary: Motivation of this paper; DeRef; Implementation and Evaluation
2. Strength (Contributions of the paper)
3. Weakness (Limitations of the paper)
4. Some Insights (Future work)
an attacker's website triggers a client's browser to send an HTTP request to a target website. If the HTTP request carries the client's credentials, then the attacker can perform actions on the website using the client's privileges, without the client being notified.
scopes: a combination of the protocol, domain, and path.
the shortcoming of existing fine-grained access control approaches is that the policy file carries sensitive scope information in plaintext.
the browser and website to exchange sensitive scope information while they may not need to fully trust each other.
denoted by , where .
If the browser initiates a request to the website from URL , then it checks if belongs to any of the
the browser derives all possible scopes for a given URL into
Requirements:
For (1): the website sends the browser a list of -bit hashes of the configured scopes,
, is a random salt that is sent alongside the hash list.
The browser also initiates a request from URL . It computes and checks if it matches any
does not reveal to the website.
if is small, then the browser cannot surely tell if a is being configured.
For (2): Use the potentially matched scopes returned by hash checking as inputs, and conduct blind checking
follow blind RSA: send the blinded hash of to the website; the website signs and returns the hash of the blinded hash
high computation overhead.
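The hash-checking step (1) described above, as an added example that is not code from the paper or from these notes: the website publishes salted, truncated hashes of its configured scopes, and the browser filters the scopes derived from the initiating URL before any blind checking. The symbol `k` for the hash length, SHA-256, the scope-derivation rule, the function names and the sample scopes and URLs are all assumptions made for illustration.

```python
import hashlib
import os
from urllib.parse import urlsplit

def derive_scopes(url):
    """Candidate scopes of a URL: protocol + domain suffix + path prefix (assumed rule)."""
    u = urlsplit(url)
    labels = u.hostname.split(".")
    domains = [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]
    segs = [s for s in u.path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) for i in range(1, len(segs) + 1)]
    return [f"{u.scheme}://{d}{p}" for d in domains for p in paths]

def khash(scope, salt, k):
    """First k bits of SHA-256(salt || scope); SHA-256 is an assumed choice."""
    digest = hashlib.sha256(salt + scope.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - k)

def website_hash_list(configured, salt, k):
    """Website side: the k-bit hash list sent to the browser together with the salt."""
    return {khash(s, salt, k) for s in configured}

def hash_check(url, hash_list, salt, k):
    """Browser side: scopes of `url` that MAY be configured.
    A miss proves the scope is not configured; a hit may be a collision."""
    return [s for s in derive_scopes(url) if khash(s, salt, k) in hash_list]

def false_hit_rate(hash_list, salt, k, trials=2000):
    """Fraction of unconfigured (constructed) scopes that still pass hash checking."""
    probes = (f"https://unrelated{i}.example/" for i in range(trials))
    return sum(khash(p, salt, k) in hash_list for p in probes) / trials

# Constructed sample data, not from the paper.
CONFIGURED = ["https://partner.example/pay", "https://shop.example/"]
INITIATOR = "https://www.partner.example/pay/checkout?id=1"

if __name__ == "__main__":
    salt = os.urandom(16)
    for k in (4, 16, 32):
        hl = website_hash_list(CONFIGURED, salt, k)
        hits = hash_check(INITIATOR, hl, salt, k)
        print(f"k={k:2d} candidates for blind checking: {hits}")
        print(f"      false-hit rate: {false_hit_rate(hl, salt, k):.4f}")
```

A smaller `k` raises the false-hit rate, so the browser learns less about which scopes are really configured but passes more candidates on to the costlier blind checking.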
It introduces hash checking to ignore any scopes that are guaranteed not to be configured
reduce the overhead of blind checking.
tune the parameter .
allow the browser and the website to exchange configuration information in a privacy-preserving manner.
The website should keep the ACLs private from browsers to avoid revealing its defense strategy.