alexa Light-Weight CSRF Protection by Labeling User-Created Contents
Engineering

Engineering

Journal of Information Technology & Software Engineering

Author(s): YinChang Sung, Michael Cheng Yi Cho, ChiWei Wang, ChiaWei Hsu, Shiuhpyng Winston Shieh

Abstract Share this page

Cross-site request forgery (CSRF/XSRF) is a serious vulnerability in Web 2.0 environment. With CSRF, an adversary can spoof the payload of an HTTP request and entice the victim's browser to transmit an HTTP request to the web server. Consequently, the server cannot determine legitimacy of the HTTP request. This paper presents a light-weight CSRF prevention method by introducing a quarantine system to inspect suspicious scripts on the server-side. Instead of using script filtering and rewriting approach, this scheme is based on a new labeling mechanism (we called it Content Box) which enables the web server to distinguish the malicious requests from the harmless requests without the need to modify the user created contents (UCCs). Consequently, a malicious request can be blocked when it attempts to access critical web services that was defined by the web administrator. To demonstrate the effectiveness of the proposed scheme, the proposed scheme was implemented and the performance was evaluated.

This article was published in Software Security and Reliability (SERE) and referenced in Journal of Information Technology & Software Engineering

Relevant Expert PPTs

Relevant Speaker PPTs

Recommended Conferences

Peer Reviewed Journals
 
Make the best use of Scientific Research and information from our 700 + peer reviewed, Open Access Journals
International Conferences 2017-18
 
Meet Inspiring Speakers and Experts at our 3000+ Global Annual Meetings

Contact Us

 
© 2008-2017 OMICS International - Open Access Publisher. Best viewed in Mozilla Firefox | Google Chrome | Above IE 7.0 version
adwords