A Generic Proxy for Secure Smart Card-Enabled Web Applications

Starnberger, Guenther; Froihofer, Lorenz; Goeschka, Karl M.

doi:10.1007/978-3-642-13911-6_25

Cited by 3 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Joshi et al [10] provide an early study on generic security models for Web-based applications. Starnberger et al [16] use smart card based security and discuss a generic proxy architecture to enforce authorizations. In [1], Belchior and colleagues model RBAC policies using RDF triples and N3Logic rules.…”

Section: Related Workmentioning

confidence: 99%

Supporting Customized Views for Enforcing Access Control Constraints in Real-Time Collaborative Web Applications

Gaubatz

Hummer

Zdun

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Real-time collaborative Web applications allow multiple users to concurrently work on a shared document. In addition to popular use cases, such as collaborative text editing, they can also be used for formbased business applications that often require forms to be filled out by different stakeholders. In this context, different users typically need to fill in different parts of a form. Role-based access control and entailment constraints provide means for defining such restrictions. Major challenges in the context of integrating collaborative Web applications with access control restrictions are how to support changes of the configuration of access constrained UI elements at runtime, realizing acceptable performance and update behaviour, and an easy integration with existing Web applications. In this paper, we address these challenges through a novel approach supporting constrained and customized UI views that support runtime changes and integrate well with existing Web applications. Using a prototypical implementation, we show that the approach provides acceptable update behaviour and requires only a small performance overhead for the access control tasks with linear scalability.

show abstract

Section: Related Workmentioning

confidence: 99%

Supporting Customized Views for Enforcing Access Control Constraints in Real-Time Collaborative Web Applications

Gaubatz

Hummer

Zdun

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, this me to provide a protection or notification when has been exposed to malicious software challenge, Starnberger et al [13] took the init a smartcard-based TPM attestation by integr integrity verification in their proposed solutio to mitigate malicious software attacks on th as well as providing extra security mea external devices.…”

Section: Relamentioning

confidence: 99%

An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

Nor

Jalil

Manan

2012

Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec)

View full text Add to dashboard Cite

Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks are targeting at the vulnerabilities found at the client-side of a clientserver communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these attacks. Man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage at the vulnerabilities caused by the client's browser extension. This attack is able to manipulate the information contained in a transaction without the user's consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully. Keywords-Trusted platform module; man-in-the-middle; man-inthe-browser; remote user authentication; privacy; pseudonymI.

show abstract

“…The first prerequisite to temporal decoupling is a secure smart card running the security-critical parts of the application such as time synchronization and time stamping of bid submissions [25,28]. In order to enable the Web application to talk to the smart card, we introduced the smart card proxy [27], a generic secure approach to enable secure HTTP-based (Hypertext Transfer Protocol) access to smart cards that do not offer an HTTP communication interface.…”

Section: Architecturementioning

confidence: 99%

Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling

Froihofer

Starnberger

Goeschka

2011

Distributed Applications and Interoperable Systems

Self Cite

View full text Add to dashboard Cite

While it is widely recognized that security can be traded for performance and dependability, this trade-off lacks concrete and quantitative evidence. In this experience report we discuss (i) a concrete approach (temporal decoupling) to control the trade-off between those properties, and (ii) a quantitative and qualitative evaluation of the benefits based on an online auction system. Our results show that trading only a small amount of security does not pay off in terms of performance or dependability. Trading security even more first improves performance and later improves dependability.

show abstract

A Generic Proxy for Secure Smart Card-Enabled Web Applications

Cited by 3 publications

References 13 publications

Supporting Customized Views for Enforcing Access Control Constraints in Real-Time Collaborative Web Applications

Supporting Customized Views for Enforcing Access Control Constraints in Real-Time Collaborative Web Applications

An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling

Contact Info

Product

Resources

About