Advanced Web and E-Voting Security

Hello

           I will be presenting the paper on SMash which is an implementation by IBM to answer the problem of secure cross domain mashups. There is an additional paper written by the authors called a research report which goes into some more detail on the implementation. It is linked on this web page below

http://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/0ee2d79f8be461ce8525731b0009404d?OpenDocument

Also there is an updated version of the conference paper we are reading. There only difference I can see with the updated version is that they add a few paragraphs addressing a criticism of their link integrity given by Barth et al in Securing Frame Communication in Browsers

http://domino.research.ibm.com/comm/research_projects.nsf/pages/web_2.0_security.smash.html/$FILE/fp332-dekeukelaere.long.pdf

IBM has donated SMash to the Open Ajax Alliance which has not yet integrated it into their Open Ajax Hub but the source code and some demos can be found here:

http://openajaxallianc.svn.sourceforge.net/viewvc/openajaxallianc/hub/trunk/sandbox/smash/src/

Thanks

These include discussions upto the Chrome paper.

Here is a link to the conference paper on MashupOS as discussed in class on Wednesday, which goes into more detail on the <sandbox> and <opensandbox> elements:

Protection and Communication Abstractions for Web Browsers in MashupOS
Helen J. Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson
In Proc. of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007)

http://www.breitbart.com/article.php?id=CNG.ecb943cdf559874f1a53793c5f03723d.1041&show_article=1

Hello All,

My name is Prithvi Bisht and I will present the paper titled “Analyzing Websites for User-Visible Security Design Flaws” on Wednesday, 4 March.

The main question asked in this paper is “Do legitimate websites assist in making secure decisions?”

a.       What flaws (design level) exist that facilitate attacks like Phishing, Social engineering?

b.      How these flaws can be removed?

This paper presents a survey of financial websites for security relevant flaws and recommends several remedies. In the class we will take an in-depth look at the design flaws, perform security and usability analysis of the recommendations, and discuss issues/solutions for designing secure web applications.

Note:  An equally important question “Do users make secure decisions” is covered in prior works like the following –

[1] Why Phishing Works – R. Dhamija et al., SICHI 2006

[2] The emperor’s new security indicators: An evaluation of website authentication and the effect of role playing on usability studies – S. Schechter et al., IEEE S&P 2007