Providing multi-token based protection against cross site request forgery

Title: Providing multi-token based protection against cross site request forgery
Author: Pore, Akshay
Keywords: web security; cross site scripting; same origin policy
Date: 2012
Publisher: University of Missouri--Columbia
Abstract: Cross Site Request Forgery (CSRF) attacks occur when a malicious website forces a user's web browser to perform unwanted actions on a trusted website. Analysis of CSRF mitigation techniques shows that client-side defenses degrade usability and cannot be applied effectively across different web applications, while server-side mitigation techniques such as checking the Referer header are unreliable. Validation tokens can provide an effective defense against CSRF, but they can be stolen using Cross Site Scripting (XSS) attacks; moreover, rigid implementations of validation tokens hamper navigation and degrade usability. To address the limitations of current validation-token-based defenses, this thesis presents Multi-Token based CSRF protection, which secures validation tokens from XSS attacks through a policy engine named XSS Probability Detector and provides customizable, multi-layered CSRF protection through a server-side filter called Multi-Token CSRF Protector. XSS Probability Detector inspects incoming data for possible XSS attacks and encodes the detected XSS scripts to protect validation tokens from being stolen. Multi-Token CSRF Protector offers two validation token designs, a User_Identifier token and a one-time, form-specific antiCSRFToken, which can be implemented individually or in combination depending on the sensitivity of the web pages in the website.
URI: http://hdl.handle.net/10355/15396
Other Identifiers: PoreA-030612-T1714
Rights: Access is limited to the campuses of the University of Missouri.