Talks and Poster Presentations (with Proceedings-Entry):
L. Veronese, S. Calzavara, L. Compagna:
"Bulwark: Holistic and Verified Security Monitoring of Web Protocols";
Talk: European Symposium on Research in Computer Security (ESORICS),
Guildford, United Kingdom;
2020-09-14
- 2020-09-18; in: "ESORICS 2020: Computer Security",
Springer,
Lecture Notes in Computer Science, vol 12308
(2020),
ISBN: 978-3-030-58950-9;
23
- 41.
English abstract:
Modern web applications often rely on third-party services to provide their functionality to users. The secure integration of these services is a non-trivial task, as shown by the large number of attacks against Single Sign On and Cashier-as-a-Service protocols. In this paper we present Bulwark, a new automatic tool which generates formally verified security monitors from applied pi-calculus specifications of web protocols. The security monitors generated by Bulwark offer holistic protection, since they can be readily deployed both at the client side and at the server side, thus ensuring full visibility of the attack surface against web protocols. We evaluate the effectiveness of Bulwark by testing it against a pool of vulnerable web applications that use the OAuth 2.0 protocol or integrate the PayPal payment system.
Keywords:
Formal methods, Web security, Web protocols
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1007/978-3-030-58951-6_2
Electronic version of the publication:
https://publik.tuwien.ac.at/files/publik_292112.pdf
Created from the Publication Database of the Vienna University of Technology.