Request dependency integrity: validating web requests using dependencies in the browser environment
by Kailas Patil
International Journal of Information Privacy, Security and Integrity (IJIPSI), Vol. 2, No. 4, 2016

Abstract: Web requests are the cornerstones of modern web applications. As the browser environment evolves with increasing complexity, attackers have various ways of triggering malicious requests to the server. Traditional security solutions, such as HTTP cookies and session IDs, are insufficient to help the server distinguish benign web requests from malicious ones. By design, a web application only expects requests to be generated in certain ways in the browser environment. Therefore, the dynamic browser behaviours and static browser environment that a web request depends on are invariant, a property we call request dependency integrity. Based on this observation, we propose a comprehensive approach to validating web requests using dependencies in the browser environment. Our approach extracts the dependency of web requests from the browser, representing it in a request dependency graph (RDG). The RDG allows web servers to detect malicious requests by enforcing request dependency integrity, which is applicable to a wide range of malicious-request-based attacks. We develop an end-to-end solution called ClearRequest and build a prototype in the Firefox browser. We demonstrate the effectiveness of ClearRequest in an evaluation using several types of malicious-request-based attacks.

Online publication date: Tue, 07-Feb-2017
