01/04/2014 – Talk by M. Squarcina and M. Tempesta

Title: Surviving the Web: A Journey into Web Session Security
Time: 14:00
Location: Meeting Room, building Zeta
Type: Survey of literature
Speaker: Marco Squarcina and Mauro Tempesta
Abstract: In this talk we describe and classify web security properties, attacks and security solutions. We focus on client-side attacks against web sessions, i.e., attacks that target honest user clients establishing a session with a remote web server. We identify general security properties representative of web session security and we highlight the properties violated by the different attacks. We then survey existing security solutions and mechanisms that prevent or mitigate the attacks: for each security solution, we also evaluate the impact on usability, the compatibility with existing web sites and the ease of deployment. Finally, we identify a list of sound principles that, to some extent, have been taken into account by the designers of the surveyed solutions. We believe that these principles could be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.