GlassTube
Paper in proceedings, 2013

The HTTP and HTTPS protocols are the cornerstones of the modern web. From a security point of view, they offer an all-or-nothing choice to web applications: either no security guarantees with HTTP or both confidentiality and integrity with HTTPS. However, in many scenarios confidentiality is not necessary and even undesired, while integrity is essential to prevent attackers from compromising the data stream. We propose GlassTube, a lightweight approach to web application integrity. GlassTube guarantees integrity at application level, without resorting to the heavyweight HTTPS protocol. GlassTube prevents man-in-the-middle attacks and provides a general method for integrity in web applications and smartphone apps. GlassTube is easily deployed in the form of a library on the server side, and offers flexible deployment options on the client side: from dynamic code distribution, which requires no modification of the browser, to browser plugin and smartphone app, which allow smooth key predistribution. The results of a case study with a web-based chat indicate a boost in the performance compared to HTTPS, achieved with no optimization efforts.

Web application security

Application-level security policies

Data integrity

Lightweight enforcement

Author

Per Hallgren

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Daniel T. Mauritzson

Ericsson

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

PLAS '13 (ACM SIGPLAN workshop on Programming languages and analysis for security). Seattle, WA, USA. June 16-19, 2013

Vol. 8 71-82

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Systems

DOI

10.1145/2465106.2465432

ISBN

978-1-4503-2144-0

More information

Latest update

12/28/2018