| Publisher | Association for Computing Machinery | ||
|---|---|---|---|
| Format | 2.4MB PDF | Date added | 03 Nov 2006 |
| Topics | Web Browsers, Network Security, Security Management | ||
| Downloads | 11 | ||
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser's host machine and user. This paper attempts to quantify the threat of browsers being indirectly misused for attacking third parties. Specifically, the paper looks at how the existing Web infrastructure (e.g., the languages, protocols, and security policies) can be exploited by malicious Web sites to remotely instruct browsers to orchestrate actions including denial of service attacks, worm propagation and reconnaissance scans. The paper shows that, depending mostly on the popularity of a malicious Web site and user browsing patterns, attackers are able to create powerful botnet-like infrastructures that can cause significant damage. The paper explores the effectiveness of counter-measures including anomaly detection and more fine-grained browser security policies.
Did you find this white paper useful?
17 out of 30 users found this white paper useful
Related white papers
Improving the Web Browsing Environment for Dyslexics by Elaborating the Viewing and Reading Functionalities
Dyslexia is a disability in the brain's processing. It is characterized by difficulties in reading, writing, and retaining information in short-term memory, though it does not affect vision, hearing, or...
MSDN Webcast: Internet Explorer 8 for Developers (Level 200)
Windows Internet Explorer 8 ushers in a new wave of browser innovation from Microsoft, including Web Slices and Accelerators, while maintaining compatibility with the today's Web standards. The presenter of...
MSDN Webcast: Designing Creative DHTML, Silverlight UIs: Simple, Visualized & Intuitive (Level 300)
The presenter of this webcast shows off the new point and click Visual WebGui Control & Theme Designer. This designer joins the well known drag and drop Visual WebGui Form...
MSDN Webcast: Silverlight Controls Framework (Level 100)
The presenter of this webcast provides an overview of the Microsoft Silverlight controls and controls model. The presenter shows how to use Silverlight controls and how to make minor visual...
The Security Architecture of the Chromium Browser
Most current web browsers employ a monolithic architecture that combines "The User" and "The Web" into a single protection domain. An attacker who exploits arbitrary code execution vulnerability in such...
Leading TV and Online Sports Broadcaster Raises the Bar With Microsoft Silverlight
Founded in 1992 and based in London, Setanta Sports is a leading Internet and pay-TV sports broadcaster, operating channels in the U.K., Ireland, North America, and Australia. Setanta wanted to...
Web Technologies Help MTV Networks Create Dynamic Website and Improve Global Workflow
MTV Networks (MTVN), a division of Viacom, is one of the world's leading creators of entertainment content. In 2000, the company created ALIAS (Archive Library Information Access System), an enterprise...
