• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • 1
  • 1
  • Tagged with
  • 3
  • 3
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

On web security: a trusted notification system.

January 2011 (has links)
Tse, Kai Shun Scottie. / "December 2010." / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 52-54). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgements --- p.iii / List of Figures --- p.vi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Web 2.0 --- p.2 / Chapter 1.2 --- Research Motivation --- p.2 / Chapter 2 --- Background Study on Web Attacks --- p.4 / Chapter 2.1 --- Cross Site Scripting (XSS) --- p.5 / Chapter 2.2 --- Cross Channel Scripting (XCS) --- p.6 / Chapter 2.3 --- Cross Site Request Forgery (CSRF) --- p.6 / Chapter 2.4 --- Click Jacking --- p.7 / Chapter 2.5 --- Extension and plugins vulnerabilities --- p.8 / Chapter 2.6 --- Privacy Issue --- p.10 / Chapter 2.7 --- Network security --- p.12 / Chapter 2.8 --- Developer implementation flaw --- p.13 / Chapter 2.9 --- Chapter Summary --- p.15 / Chapter 3 --- Defenses on Web Attacks --- p.17 / Chapter 3.1 --- Same Origin Policy --- p.17 / Chapter 3.2 --- Filtering mechanism --- p.18 / Chapter 3.2.1 --- Client-side filtering --- p.18 / Chapter 3.2.2 --- Server-side filtering --- p.19 / Chapter 3.3 --- XSS Defenses --- p.20 / Chapter 3.4 --- CSRF Defenses --- p.22 / Chapter 3.5 --- Browser warnings --- p.23 / Chapter 3.6 --- Chapter Summary --- p.24 / Chapter 4 --- On web communication --- p.26 / Chapter 4.1 --- On cross domain communication --- p.26 / Chapter 4.1.1 --- HTML5 --- p.26 / Chapter 4.1.2 --- Flash 10 --- p.28 / Chapter 4.1.3 --- Extended studys crossdomain.xml of Flash --- p.29 / Chapter 4.2 --- On cross frame communication --- p.32 / Chapter 4.3 --- Trusted Notification System --- p.35 / Chapter 4.3.1 --- Assumptions --- p.35 / Chapter 4.3.2 --- Implementation Issues --- p.35 / Chapter 4.3.3 --- Information flow --- p.37 / Chapter 4.3.4 --- Features --- p.38 / Chapter 4.3.4.1 --- Counter fake --- p.38 / Chapter 4.3.4.2 --- Plug and play --- p.38 / Chapter 4.3.4.3 --- Mitigate future attacks --- p.39 / Chapter 4.3.4.4 --- Session persist after logout --- p.39 / Chapter 4.3.4.5 --- Follow the standards --- p.40 / Chapter 4.3.5 --- Related works --- p.40 / Chapter 4.4 --- Chapter Summary --- p.41 / Chapter 5 --- Conclusion --- p.43 / Chapter 5.1 --- Contributions --- p.43 / Chapter 5.2 --- Discussions and future work --- p.44 / Chapter A --- Non-persistent XSS attack on Horde --- p.45 / Chapter B --- Data tampering attack on facebook application --- p.50 / Bibliography --- p.52
2

A framework for secure human computer interaction.

Johnston, James 02 June 2008 (has links)
This research is concerned with the development of a framework for the analysis and design of interfaces found in a security environment. An example of such an interface is a firewall. The purpose of this research is to use the framework as a method to improve the usability of an interface, thus aiding the user to implement the correct security features. The purpose is also to use the framework to assist in the development of trust between a user and a computer system. In this research the framework comprises six criteria which are used to analyse interfaces found in the traditional software environment, Internet banking environment and e-commerce environment. In order to develop the framework an overview of the fields of information security and human computer interfaces (HCI) is given. The overview provides background information and also establishes the existing research which has been done in these fields. Due to its popularity, the Windows Internet Connection Firewall is analysed in this research. Based on the criteria a level of trust fostered between the user and interface is calculated for the firewall. It is then shown how this level of trust can be improved by modifying the interface. A proposed interface for the firewall is presented according to the criteria. Interfaces found in the online Internet environment are discussed. This is important in order to identify the similarities and differences between traditional software interfaces and web interfaces. Due to these differences the criteria are modified to be relevant in the analysis and design of security interfaces found on the Internet. Three South African online banking websites are analysed according to the modified framework. Each interface is broken down into a number of components which are then analysed individually. The results of the analysis are compared between the three banking sites to identify the elements which make up a successful interface in an online banking environment. Lastly, three interfaces of e-commerce websites are analysed. Recommendations are made on how the interfaces can be improved, thus leading to a higher level of trust. / Labuschagne, L., Prof.
3

Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images

Lu, Zebin 14 August 2013 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.

Page generated in 0.0947 seconds