Informacja

Drogi użytkowniku, aplikacja do prawidłowego działania wymaga obsługi JavaScript. Proszę włącz obsługę JavaScript w Twojej przeglądarce.

Wyszukujesz frazę "object capabilities" wg kryterium: Temat


Wyświetlanie 1-1 z 1
Tytuł:
Utilizing Object Capabilities to Improve Web Application Security
Autorzy:
Koppmann, Michael
Kudera, Christian
Pucher, Michael
Merzdovnik, Georg
Powiązania:
https://bibliotekanauki.pl/articles/27272525.pdf
Data publikacji:
2022
Wydawca:
NASK - National Research Institute
Tematy:
object capabilities
design patterns
web security
możliwości obiektów
wzorce projektowe
bezpieczeństwo sieci
Opis:
Nowadays, more and more applications are built with web technologies, such as HTML, CSS, and JavaScript, which are then executed in browsers. The web is utilized as an operating system independent application platform. With this change, authorization models change and no longer depend on operating system accounts and underlying access controls and file permissions. Instead, these accounts are now implemented in the applications themselves, including all of the protective measures and security controls that are required for this. Because of the inherent complexity, flaws in the authorization logic are among the most common security vulnerabilities in web applications. Most applications are built on the concept of the Access-Control List (ACL), a security model that decides who can access a given object. Object Capabilities, transferable rights to perform operations on specific objects, have been proposed as an alternative to ACLs, since they are not susceptible to certain attacks prevalent for ACLs. While their use has been investigated for various domains, such as smart contracts, they have not been widely applied for web applications. In this paper, we therefore present a general overview of the capability- based authorization model and adapt those approaches for use in web applications. Based on a prototype implementation, we show the ways in which Object Capabilities may enhance security, while also offering insights into existing pitfalls and problems in porting such models to the web domain.
Źródło:
Applied Cybersecurity & Internet Governance; 2022, 1, 1; 1-18
2956-3119
2956-4395
Pojawia się w:
Applied Cybersecurity & Internet Governance
Dostawca treści:
Biblioteka Nauki
Artykuł
    Wyświetlanie 1-1 z 1

    Ta witryna wykorzystuje pliki cookies do przechowywania informacji na Twoim komputerze. Pliki cookies stosujemy w celu świadczenia usług na najwyższym poziomie, w tym w sposób dostosowany do indywidualnych potrzeb. Korzystanie z witryny bez zmiany ustawień dotyczących cookies oznacza, że będą one zamieszczane w Twoim komputerze. W każdym momencie możesz dokonać zmiany ustawień dotyczących cookies