Authors: Philippe De Ryck; Lieven Desmet; Frank Piessens and Wouter Joosen

Affiliation: KU Leuven, Belgium

ISBN: 978-989-8565-24-2

Keyword(s): HTML5, Web Application Security, Standards, Specification.

Related Ontology Subjects/Areas/Topics: Information and Systems Security; Security in Distributed Systems; Software Security

Abstract: Over the past few years, a significant effort went into the development of a new generation of web standards, centered around the HTML5 specification. Given the importance of the web in our society, it is essential that these new standards are scrutinized for potential security problems. This paper reports on a systematic analysis of ten important, recent specifications with respect to two generic security goals: (1) new web mechanisms should not break the security of existing web applications, and (2) different newly proposed mechanisms should interact with each other gracefully. In total, we found 45 issues, of which 12 are violations of the security goals and 31 issues concern under-specified features. Additionally, we found that 6 out of 11 explicit security considerations have been overlooked/overruled in major browsers, leaving secure specifications vulnerable in the end. All details can be found in an extended version of this paper (De Ryck et al., 2012).

CC BY-NC-ND 4.0


Paper citation in several formats:
De Ryck, P.; Desmet, L.; Piessens, F. and Joosen, W. (2012). A Security Analysis of Emerging Web Standards - HTML5 and Friends, from Specification to Implementation. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 257-262. DOI: 10.5220/0004049502570262

@conference{secrypt12,
author={Philippe De Ryck and Lieven Desmet and Frank Piessens and Wouter Joosen},
title={A Security Analysis of Emerging Web Standards - HTML5 and Friends, from Specification to Implementation},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={257-262},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004049502570262},
isbn={978-989-8565-24-2},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - A Security Analysis of Emerging Web Standards - HTML5 and Friends, from Specification to Implementation
SN - 978-989-8565-24-2
AU - De Ryck, P.
AU - Desmet, L.
AU - Piessens, F.
AU - Joosen, W.
PY - 2012
SP - 257
EP - 262
DO - 10.5220/0004049502570262
