Abstracting Application-Level Web Security

David Scott
Laboratory For Communications Engineering
Engineering Department
Trumpington Street
Cambridge, CB2 1PZ
djs55@eng.cam.ac.uk

Richard Sharp
Computer Laboratory
William Gates Building
JJ Thompson Avenue
Cambridge, CB3 0FD
rws26@cl.cam.ac.uk

ABSTRACT

Application-level web security refers to vulnerabilities inherent in the code of a web application itself (irrespective of the technologies in which it is implemented or the security of the web-server/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been harvested and confidential information (such as addresses and credit-card numbers) has been leaked.

In this paper we investigate new tools and techniques which address the problem of application-level web security. We (i) describe a scalable structuring mechanism facilitating the abstraction of security policies from large web-applications developed in heterogeneous multi-platform environments; (ii) present a tool which assists programmers to develop secure applications which are resilient to a wide range of common attacks; and (iii) report results and experience arising from our implementation of these techniques.

Categories and Subject Descriptors

D.2.2 [Software Engineering]: Design Tools and Techniques, modules and interfaces; D.2.12 [Software Engineering]: Interoperability, interface definition languages

General Terms

Security, Design

Keywords

Application-level Web Security, Security Policy Description Language, Component-based Design

1. INTRODUCTION

On the 25th January, 2001 an article appeared in a respected British newspaper entitled Security Loophole Threatens British E-Tailers [13]. The article described how a journalist hacked a number of e-commerce sites, successfully buying goods for less than their intended price. The attack resulted in a number of purchases being made for 10 pence each, including an internet domain name (livehandy.org.uk), a "Water Direct" calendar and tickets for a concert¹.
`Copyright is held by the author/owner(s).
`WWW2002, May 7–11, 2002, Honolulu, Hawaii, USA.
`ACM 1-58113-449-5/02/0005.

The author of the article rightly observes that the process "requires no particular technical skill"; the attack merely involved saving the HTML form to disk, modifying the prices stored in a hidden form field using a text editor and reloading the HTML form back into the browser. A recent article published in ZDNet [17] suggests that between 30% and 40% of e-commerce sites throughout the world are vulnerable to this simple attack. Internet Security Systems (ISS) identified eleven widely deployed commercial shopping-cart applications which suffer from the vulnerability [14].

The price-changing attack is a consequence of an application-level security hole. We use the term application-level web security to refer to vulnerabilities inherent in the code of a web-application itself (irrespective of the technology in which it is implemented or the security of the web-server/back-end database on which it is built). An application-level security hole arises because web applications mistakenly trust data returned from a client. For example, in the price-changing attack, the web-application makes the invalid assumption that a user cannot modify the price because it is stored in a hidden field.

Application-level security vulnerabilities are well known and many articles have been published advising developers on how they can be avoided [22, 23, 28]. Fixing a single occurrence of a vulnerability is usually easy. However, the massive number of interactions between different components of a dynamic website makes application-level security challenging in general. Despite numerous efforts to tighten application-level security through code review and other software-engineering practices [18], the fact remains that a large number of professionally designed websites still suffer from serious application-level security holes. This evidence suggests that higher-level tools and techniques are required to address the problem.

In this paper we present a structuring technique which helps designers abstract security policies from large web-applications. Our system consists of a specialised Security Policy Description Language (SPDL) which is used to program an application-level firewall, referred to as a security gateway. Security policies are written in SPDL and compiled for execution on the security gateway. The security gateway dynamically analyses and transforms HTTP requests/responses to enforce the specified policy.

¹ Some readers may argue that 10p is the true value of tickets to such a concert. A full discussion of this topic is outside the scope of this paper.

The remainder of the paper is structured as follows: Section 2 surveys a number of application-level attacks and discusses some of the reasons why application-level vulnerabilities are so prevalent in practice. In Section 3 we describe the technical details of our system for abstracting application-level web security. Our methodology is illustrated with an extended example in Section 4 and we discuss how the ideas in this paper may be generalised in Section 5. We have implemented the techniques discussed in this paper. The performance of our implementation is evaluated in Section 6. Related work is discussed in Section 7; finally, Section 8 concludes.

2. APPLICATION-LEVEL SECURITY

We start by briefly categorising and surveying a number of common application-level attacks. We make no claims regarding the completeness of this survey; the vulnerabilities highlighted here are a selection of those which we feel are particularly important.

Form Modification

HTML forms are an application-level security minefield. Our own experiments indicate that a significant percentage of web forms are vulnerable to application-level attacks. The main reason for this is that web designers implicitly trust validation rules which are enforced only on the client side. Examples of client-side form validation include both constraints imposed by the HTML itself (e.g. the maxlength attribute) and actions of any JavaScript programs which are executed on the client. Of course, in practice users can easily modify client-side validation rules, so they should never be trusted.

The stateless nature of the HTTP protocol leaves designers with the task of managing application state across multiple requests. It is often easier to thread state through a series of requests/responses (using hidden form fields) than it is to store data in a back-end database. Unfortunately, using hidden form fields in this way enables the client to modify internal application state, leading to vulnerabilities such as the price-changing attack described in the Introduction. It is interesting to note that a respected textbook on HTML [21] recommends this dangerous practice without any mention of security issues.

Form modification is often used in conjunction with other attacks. For example, changing maxlength constraints on the client may expose buffer overruns and SQL errors on the server side. Information gleaned from such failures provides insight into the internal structure of the site, possibly highlighting areas where it is particularly vulnerable.

Although writing server-side code to handle form input securely may not be cerebrally taxing, it is a tedious, time-consuming and error-prone task which is rarely undertaken correctly (if at all) in practice.
SQL Attacks

Web applications commonly use data read from a client to construct SQL queries. Unfortunately, constructing the query naïvely leads to a vulnerability where the user can execute arbitrary SQL against the back-end database. The attack is best illustrated with a simple example:

Consider an Employee Directory Website, written in the popular scripting language PHP [3], which allows users to see the surname of an employee searched for by means of a form box called searchname. On the server side this search string (stored in the variable searchname) is used to build an SQL query. This may involve code such as:

    $query = "SELECT forename,tel,fax,email FROM personnel
              WHERE surname='$searchname';";

However, if the user enters the following text in the searchname form box:

    '; SELECT password,tel,fax,email FROM personnel
    WHERE surname='Sharp

then the value of the variable query will become:

    SELECT forename,tel,fax,email FROM personnel
    WHERE surname='';
    SELECT password,tel,fax,email FROM personnel
    WHERE surname='Sharp';

When executed on some SQL databases this will result in Sharp's password being returned instead of his forename. Even if only a hash of the password is leaked, a forward-search attack against a standard dictionary stands a reasonable chance of recovering the actual password.
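As an added illustration (this is example code written for this page, not code from the paper), the query construction above is run against a small SQLite directory constructed inline. SQLite executes one statement per call, so the stacked, semicolon-separated payload in the text is rejected there; a UNION payload produces the same effect (the password column returned where the forename should be) inside a single statement. Beside the naïve construction is the parameterised query, which removes the problem at source regardless of any escaping done elsewhere. Table layout, names and passwords are all constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for the employee directory in the text.
ROWS = [
    ("Richard", "Sharp", "s3cret", "01223 1234", "01223 5678", "rws26@example.org"),
    ("David", "Scott", "hunter2", "01223 2345", "01223 6789", "djs55@example.org"),
]


def open_directory():
    """In-memory database playing the part of the site's back-end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE personnel (forename TEXT, surname TEXT, password TEXT,"
               " tel TEXT, fax TEXT, email TEXT)")
    db.executemany("INSERT INTO personnel VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return db


def lookup_vulnerable(db, searchname):
    """The naive construction from the text: the user's string is pasted into
    the SQL, so a quote inside it changes the structure of the query."""
    query = ("SELECT forename,tel,fax,email FROM personnel "
             "WHERE surname='" + searchname + "';")
    return db.execute(query).fetchall()


def lookup_parameterised(db, searchname):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL."""
    query = "SELECT forename,tel,fax,email FROM personnel WHERE surname=?"
    return db.execute(query, (searchname,)).fetchall()


# SQLite's execute() refuses a second ';'-separated statement, so the stacked
# query of the text cannot be demonstrated on it. A UNION achieves the same
# column substitution in one statement and is accepted by most engines.
PAYLOAD = "' UNION SELECT password,tel,fax,email FROM personnel WHERE surname='Sharp"


def demo():
    """Returns (rows from the vulnerable lookup, rows from the hardened lookup
    with the same payload, rows from an honest hardened lookup)."""
    db = open_directory()
    leaked = lookup_vulnerable(db, PAYLOAD)    # password sits in the forename column
    safe = lookup_parameterised(db, PAYLOAD)   # no surname equals the payload string
    honest = lookup_parameterised(db, "Sharp")
    return leaked, safe, honest
```

The escaping transformations of Section 3.2 (EscapeSingleQuotes and friends) reduce the exposure of code like lookup_vulnerable, but only the parameterised form keeps data and query structure apart by construction.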

Cross-Site Scripting

Cross-Site Scripting (XSS) refers to a range of attacks in which users submit malicious HTML (possibly including scripts, e.g. JavaScript) to dynamic web applications. The malicious HTML may be embedded inside URL parameters, form fields or cookies. When other users view the malicious content it appears to come from the dynamic website itself, a trusted source. The implications of XSS are severe; for example the Same Origin Policy, a key part of JavaScript's security model [12], is subverted.

A CERT advisory (CA-2000-02) [7] lists a range of serious attacks which come under the general heading of XSS. This list of attacks includes leaking confidential information (e.g. usernames, passwords, credit-card numbers), altering the behaviour of forms (e.g. posting data to a cracker's machine) and exposing SSL-encrypted connections. Clayton et al. [9] describe the details of a Java/JavaScript XSS attack which reveals the IP addresses of clients using an anonymous dating service.

It is well known that XSS vulnerabilities can be fixed by encoding HTML meta-characters² explicitly using HTML's &#n; syntax, where n is the numerical representation of the encoded character. However, the flexibility of HTML makes this a more complicated task than many people realise [8]. Furthermore, for large applications it is a laborious and error-prone task to ensure that all input from the user has been appropriately HTML-encoded.

2.1 Motivation and Contributions

In this section we discuss a number of factors which contribute to the prevalence of application-level security vulnerabilities. We believe that each of the problems listed below points to the same solution: the security policy should be maintained at a higher level, removing security-related responsibilities from code wherever possible.

² Meta-characters are those which have special meaning within HTML. For example, < and > are used to delimit tags.

A major cause of application-level security vulnerabilities is a general lack of language-level support in untyped scripting languages. For example, consider the languages PHP [3] and VBScript [24]. When using these languages it is the job of the programmer to manually verify that all user input is appropriately HTML-encoded. Inadvertently omitting a call to the HTML-encoding function results in a vulnerability being introduced. For large applications written in such languages it is inevitable that a few such vulnerabilities will creep in. Note that some technologies provide greater language-level support in this respect: when using typed languages (such as Java) the type system can be employed to statically verify that all user input has been passed through an HTML-encoding function; Perl's taint mode offers similar guarantees, but through run-time checks rather than compile-time analysis.

If web-applications were written in a single programming language by a small number of developers then one could separate the security policy from the main body of code by abstracting security-related library functions behind a clean API. However, in reality, large web-applications often consist of a large number of interacting components written in different programming languages by separate teams of developers. To complicate the situation further, some of these components may be bought in from third-party developers, possibly in binary form. In such an environment it is difficult to abstract common code blocks into libraries. The inevitable consequence is that security-critical code is scattered throughout the application in an unstructured way. This lack of structure makes fixing vulnerabilities difficult: the same security hole may have to be fixed several times throughout the application.

Another major issue, albeit a non-technical one, is a lack of concern for security in the web-development community. Although we realise that this is a generalisation, evidence suggests that factors such as time-to-market, graphic design and usability are generally considered higher priority than application-level security. We recently talked with some web developers working for a large telecommunications company³; they were surprised to hear of the attacks listed in Section 2 and had taken no steps to protect against them.

In this paper we present tools and techniques which protect websites from application-level attacks. Whilst we recognise that our proposed methodology is not a panacea, we claim that it does help to protect against a wide range of common vulnerabilities.

3. TECHNICAL DETAILS

Our system consists of a number of components:

1. A security policy description language (SPDL) is used to specify a set of validation constraints and transformation rules.

2. A policy compiler automatically translates the SPDL into code for checking validation constraints.

3. An application-level security gateway is positioned between the web-server and client machines.

Figure 1 shows a diagrammatic view of the components of our system and the interactions between them. Note that the security gateway does not have to run on a dedicated machine: it could be executed as a separate process on the existing web-server or (to achieve better performance) integrated into the web-server directly.

[Figure 1 (diagram): the Security Gateway sits on the Network between the Clients and the Web Server with its Web Files; the Security Policy Compiler takes the SPDL Specification and feeds the resulting code to the Security Gateway.]

Figure 1: A diagrammatic view of our system for abstracting application-level web security

³ We hasten to add that this was not AT&T!

3.1 System Overview

A designer codes a set of validation constraints and transformation rules in SPDL. Validation constraints place restrictions on data in cookies, URL parameters and forms. For example, typical constraints include "the value of this cookie must be an integer between 1 and 3" and "the value of this hidden form field must never be modified". The transformation rules of an SPDL specification allow a programmer to specify various transformations on user input. The kinds of transformation which may be specified are "pass data from a field, f, through an HTML-encoding function" or "escape single and double quotes in text submitted via this URL parameter". A detailed description of SPDL is given in Section 3.2.

The policy compiler translates SPDL into code which enforces validation rules and applies the specified transformations. The generated code is dynamically loaded into the security gateway, where it is executed in order to enforce the specified policy. The security gateway acts as an application-level firewall; its job is to intercept, analyse and transform whole HTTP messages (see Section 3.4). As well as checking HTTP requests, the security gateway also rewrites the HTML in HTTP responses, annotating it with Message Authentication Codes (MACs) [27] to protect state which may have been maliciously modified by clients (see Section 3.4.2).
Although performing validation checks on the server side is sufficient for security purposes, user-interface issues sometimes require validation rules to be applied on the client side. For example, web forms often use JavaScript for client-side validation to reduce the observed latency between form submission and receiving validation errors. To address this need the policy compiler offers the option of generating JavaScript directly from the validation rules of the SPDL specification. The security gateway analyses forms as they are sent to the client, automatically inserting JavaScript validation rules where appropriate. Since both client-side and server-side validation code is derived from a single specification, designers only have to write the security policy once. Even if the client-side JavaScript is subverted there are still server-side checks in place.
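The MAC annotation described above, worked through as an added example (this is illustrative code written for this page, not the paper's gateway; the field naming scheme, the HMAC-SHA256 construction and the binding of the form's action URL into the tag are all assumptions of the example). The gateway tags each protected hidden field on the way out and refuses any submission whose value no longer matches its tag, which is exactly the price-changing attack of the Introduction. Binding the action URL in also stops an attacker pasting a genuinely issued tag for a cheaper value from a different form into this one.

```python
import hashlib
import hmac
import secrets

# Gateway key, generated here for the example; a deployment loads it from
# configuration so that every gateway process produces the same tags.
KEY = secrets.token_bytes(32)


def mac_for(context, name, value, key=KEY):
    """HMAC-SHA256 over (context, name, value). Each part is length-prefixed
    so that different splits of the same bytes cannot yield the same tag."""
    parts = [p.encode() for p in (context, name, value)]
    msg = b"".join(b"%d:%s" % (len(p), p) for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def annotate(fields, context, key=KEY):
    """Server -> client: emit a companion <name>_mac field for every field."""
    out = dict(fields)
    for name, value in fields.items():
        out[name + "_mac"] = mac_for(context, name, value, key)
    return out


def verify(submitted, context, protected, key=KEY):
    """Client -> server: each protected parameter must come back with the tag
    the gateway issued for exactly this value in exactly this form. The
    comparison is constant-time so the check leaks nothing about the tag."""
    for name in protected:
        value, tag = submitted.get(name), submitted.get(name + "_mac")
        if value is None or tag is None:
            return False
        if not hmac.compare_digest(tag, mac_for(context, name, value, key)):
            return False
    return True


def demo():
    """Returns (honest, tampered, replayed): only the untouched form verifies."""
    checkout = "http://example/checkout"
    page = annotate({"item": "calendar", "price": "1499"}, checkout)
    honest = verify(page, checkout, ["price"])
    # the price-changing attack: edit the hidden field, keep the old tag
    tampered = verify(dict(page, price="10"), checkout, ["price"])
    # replay: lift a genuine tag for price=10 issued on a different form
    bargain = annotate({"price": "10"}, "http://example/bargain")
    replayed = verify(dict(page, price="10", price_mac=bargain["price_mac"]),
                      checkout, ["price"])
    return honest, tampered, replayed
```

Two practical caveats: a tag stays valid for as long as the key does, so a deployment that needs expiry must fold a timestamp or session identifier into the context, and a MAC proves only that the gateway issued the value, not that the value was correct when it was issued.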

Note that the reason we insert JavaScript into forms dynamically (rather than inserting it statically into files in the web repository) is that many applications use server-side code to generate forms on the fly. Although there is scope for analysis of web scripting languages to insert validation code statically, this is a topic for future work.

3.2 Security Policy Description Language

At the top level an SPDL specification is an XML document. The DTD corresponding to SPDL is shown in Figure 2. A policy element contains a series of URL and cookie elements. For each URL element a number of parameters are declared. The attributes of a parameter element with name = p place constraints on data passed via p:

• The maxlength and minlength attributes specify the maximum and minimum length of data passed via p.

• Setting required to "Y" specifies that p must always contain a non-zero length value;

• Setting MAC to "Y" specifies that the value of p must be accompanied by a Message Authentication Code (MAC) [27] generated by the server. This prevents the user from changing the value of the parameter to arbitrary values (see Section 3.4.2).

• The type attribute specifies the data type of p: either int, float, bool or string.

The method attribute determines whether the specified constraints apply to p passed as a GET parameter (i.e. a URL argument) or a POST parameter (i.e. returned from a form). Setting method to GETandPOST means that the constraints within the parameter element are applicable to both GET and POST parameters with name = p. The GETandPOST option is particularly useful if parts of a web-application are written in a language which does not force a distinction between GET and POST parameters with the same name, e.g. PHP.

For example, consider the following security policy description:

    <policy>
      <URL prefix="http://example">
        <parameter name="p1" maxlength="4"
                   type="int" required="Y"
                   MAC="N">
        </parameter>
        <parameter name="p2" method="POST"
                   maxlength="3" type="string">
        </parameter>
      </URL>
    </policy>

This example specifies constraints on parameters passed to URLs with prefix "http://example". The first parameter element defines constraints to be applied to a parameter named p1 (either GET or POST); the second parameter element defines constraints to be applied to a POST parameter named p2.

We hope that the attributes of parameter elements cover the majority of validation constraints that designers require. However, in some circumstances a greater degree of control is required: this is provided by the validation element. The validation element allows complex constraints to be encoded in a general-purpose validation language. The content of the validation element is a validation expression written in a simple, call-by-value applicative language which is essentially a simply-typed subset of Standard ML [20]. Note that the precise details of the language are not the main focus of this paper. In principle any language could be used to express validation constraints. For expository purposes we chose to make the language as simple as possible.

The abstract syntax of the validation language is shown in Figure 3. All well-formed validation expressions have type bool. If the validation expression for parameter p evaluates to true then this signifies that p contains valid data; conversely, evaluating to false highlights a validation failure. Badly typed validation programs are rejected by a compile-time type-checking phase (see Section 3.3). Within validation expressions the value of the field specified in the enclosing parameter element is referred to as this. Values of other declared GET and POST parameters can be referenced as getparam.name and postparam.name respectively. In this way validation rules can be dependent on the values of multiple parameters.
A number of primitive, pre-defined functions and binary operators are provided. Although we do not list them all here, those of particular importance are listed below:

• Arithmetic operators +, -, * and / can be applied to both integer and floating-point values. String concatenation is represented by the infix operator ^.

• The function formatregex returns true iff its input is of the form specified by the regular expression regex.

• We provide the function mid which returns the substring of s which starts at character m and finishes at character n (inclusively). Characters of s are numbered from 1.

• Functions are provided to cast between different types. For example, String.fromInt i returns the string representation of the integer i.

• The function isdefined takes a parameter (for example postparam.p or getparam.p) and returns a boolean indicating whether p is defined (i.e. has been passed to the URL in the HTTP request). Using an undefined parameter as an argument to any other function or operator leads to a dynamically generated error message.

Transformation rules are much simpler than validation expressions and are delimited by the <transformation> tag. The content of a transformation element nested within a parameter element p specifies a pipeline of transformations to be applied to data received via p. For example, if we always wanted to apply transformation T1 followed by T2 to parameter p passed via a given URL then our SPDL specification would contain:

    <URL prefix="...">
      <parameter name="p" ...>
        <transformation> T1 | T2 </transformation>
      </parameter>
    </URL>

Transformations are selected from a pre-defined library. In our current implementation we have defined the following transformations:

    <!ELEMENT policy (URL | cookie)*>

    <!ELEMENT URL (parameter)*>
    <!ATTLIST URL prefix CDATA #REQUIRED>

    <!ELEMENT parameter (validation?, transformation?)>
    <!ATTLIST parameter method    (GET | POST | GETandPOST) "GETandPOST">
    <!ATTLIST parameter name      CDATA #REQUIRED>
    <!ATTLIST parameter maxlength CDATA #REQUIRED>
    <!ATTLIST parameter minlength CDATA "0">
    <!ATTLIST parameter required  (Y | N) "N">
    <!ATTLIST parameter MAC       (Y | N) "Y">
    <!ATTLIST parameter type      (int | float | bool | string) #REQUIRED>

    <!ELEMENT cookie (validation?, transformation?)>
    <!ATTLIST cookie name      CDATA #REQUIRED>
    <!ATTLIST cookie maxlength CDATA #REQUIRED>
    <!ATTLIST cookie minlength CDATA "0">
    <!ATTLIST cookie MAC       (Y | N) "Y">
    <!ATTLIST cookie type      (int | float | bool | string) #REQUIRED>

    <!ELEMENT validation (#PCDATA)>

    <!ELEMENT transformation (#PCDATA)>
    <!ATTLIST transformation htmlencode (Y | N) "Y">

Figure 2: The XML DTD for the Security Policy Description Language (the parentheses and occurrence indicators of the content models did not survive extraction and are shown here in standard DTD form)

    e ::= x                            variable
        | c                            constant
        | f(e1, ..., ek)               function call
        | getparam.c                   value of GET parameter
        | postparam.c                  value of POST parameter
        | this                         value of this field
        | e1 <op> e2                   binary infix operator
        | if e1 then e2 else e3        conditional
        | let d ... d in e end         local declaration

    d ::= val x : τ = e                            immutable binding
        | fun f(x1 : τ, ..., xk : τ) : τ = e       function definition

    τ ::= int | float | string | bool              type

Figure 3: The Abstract Syntax of the Validation Language

EscapeSingleQuotes: Replace all single quotes with their HTML character encoding.

EscapeDoubleQuotes: Replace double quotes with their HTML character encoding.

HTMLEncode: HTML-encode the data. Replace meta-characters with their numerical representation.

PartialHTMLEncode: HTML-encode the input but leave a small number of allowed tags untouched, including style tags (<b>, <p> and <i>) and anchors of the form <a href="..."> ... </a>.

Facility is provided for the user to define other transformations and include them in the library.

We consider the HTML-encoding transformation to be of particular importance since inadvertently forgetting to HTML-encode user input leads to Cross-Site Scripting vulnerabilities (see Section 2). For this reason we adopt the convention that all parameters are HTML-encoded unless explicitly specified otherwise in the security policy. To turn off HTML-encoding one sets the htmlencode attribute of the transformation element to N. For example, one may write:

    ...
    <transformation htmlencode="N">
      PartialHTMLEncode | EscapeSingleQuotes
    </transformation>
    ...

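The transformation library and the "T1 | T2" pipeline, as an added example in Python (illustrative code written for this page, not the paper's implementation). The four transformation names come from the list above; their bodies, the allow-list used by PartialHTMLEncode (bare <b>, <p>, <i> tags and anchors whose href is a plain http(s) URL) and the decision to run the default HTMLEncode after the pipeline are this example's assumptions. The encoder leaves an existing numeric reference alone, so running it after PartialHTMLEncode does not double-encode the output.

```python
import re

# Numeric character references for the HTML meta-characters. The footnote in
# Section 2 names < and >; quotes and & are included so attribute values are
# covered as well.
META = {"&": "&#38;", "<": "&#60;", ">": "&#62;", '"': "&#34;", "'": "&#39;"}

# A bare & is encoded; an & that already starts a numeric reference is kept,
# which makes html_encode idempotent.
META_RE = re.compile(r"&(?!#\d+;)|[<>\"']")


def escape_single_quotes(s):
    return s.replace("'", META["'"])


def escape_double_quotes(s):
    return s.replace('"', META['"'])


def html_encode(s):
    return META_RE.sub(lambda m: META[m.group(0)], s)


# Allow-list for PartialHTMLEncode (assumed). Anchors are admitted only with a
# bare http(s) href, so an onclick attribute or a javascript: URL smuggled
# into an <a> tag is encoded along with everything else.
ALLOWED = re.compile(r'</?(?:b|p|i)>|<a href="https?://[^"<>\s]*">|</a>')


def partial_html_encode(s):
    out, pos = [], 0
    for m in ALLOWED.finditer(s):
        out.append(html_encode(s[pos:m.start()]))
        out.append(m.group(0))          # allowed tag passes through verbatim
        pos = m.end()
    out.append(html_encode(s[pos:]))
    return "".join(out)


LIBRARY = {
    "EscapeSingleQuotes": escape_single_quotes,
    "EscapeDoubleQuotes": escape_double_quotes,
    "HTMLEncode": html_encode,
    "PartialHTMLEncode": partial_html_encode,
}


def apply_pipeline(spec, value, htmlencode="Y"):
    """Run the stages of a 'T1 | T2' transformation element left to right,
    then the default HTMLEncode unless the element says htmlencode="N".
    An unknown stage name raises KeyError, which a gateway should treat as a
    policy error rather than pass the value through unchanged."""
    for name in (n.strip() for n in spec.split("|")):
        if name:
            value = LIBRARY[name](value)
    if htmlencode == "Y":
        value = html_encode(value)
    return value
```

With the default in force, PartialHTMLEncode has no visible effect because the allowed tags are encoded afterwards anyway; that is why the example policy above switches the default off for that pipeline.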
Recall from Figure 2 that at the top level an SPDL description consists of a series of URL and cookie elements. We have already discussed URL elements in detail; in a similar fashion, cookie elements allow designers to place validation constraints on cookies returned from client machines. In this presentation we make the simplifying assumption that cookies are global across the whole site (i.e. the path attribute of all Set-Cookie headers in HTTP responses is set to "/"). Under these circumstances the client sends the values of all the application's cookies with each HTTP request. Since all client-side state is sent to the server in each request, we can generate MACs securely without requiring server-side state in the security gateway (see Section 3.4.2).
3.3 Policy Compiler

The policy compiler takes an SPDL specification (as described in Section 3.2) and compiles it for execution on the Security Gateway. Validation rules and constraints are also compiled into JavaScript, ready to be embedded in forms and executed on clients.

Compilation is performed in two passes. In the first pass the declared parameters and their types are enumerated; in the second pass the contents of the validation and transformation elements are compiled. Using a two-pass architecture allows the use of forward parameter references. For example, consider a URL element, u, which contains declarations of parameters p1 and p2 where p1 is declared before p2. It is perfectly acceptable for the validation code of parameter p1 to refer to p2 and vice versa.

Validation expressions are type-checked at compile time, helping to eliminate errors from SPDL validation code. In the current incarnation of the system validation expressions are simply typed (that is, we do not allow parametric polymorphism). However, should experience show this to be inflexible, there is no reason why more sophisticated type systems (e.g. ML-style polymorphism [19]) could not be employed in future versions.

[Figure 4 (flowchart): Receive HTTP Request; Check URL and parameter names; on Pass, Type Checking; on Pass, Check MAC; on Pass, Apply transformations, then Execute Validation Code; on success, Fetch page from server and Modify HTTP Response, then Return HTTP Response. Each Fail branch leads to Return Error Page.]

Figure 4: The tasks performed by the security gateway

3.4 The Security Gateway

Figure 4 shows the algorithm executed by the Security Gateway on receipt of an HTTP request. First the URL is extracted from the HTTP header. This is used to select the appropriate validation rules and transformations to apply. If the URL does not match any of those specified in the security policy then the request is not propagated to the web-server and an error page is returned to the user. By forbidding all URLs that do not match those explicitly in our database we prevent a cracker using obscure, non-standard URL encoding techniques to circumvent the security gateway, thus avoiding attacks of the kind recently used to circumvent Intrusion Detection Systems [11]. Rejecting unspecified URLs also provides an engineering benefit: since each URL requires a corresponding SPDL definition, engineers are forced to keep the security policy in sync with the application.

Having identified a valid URL, the security gateway proceeds to check the names of all parameters and cookies passed in the HTTP request. Errors are generated if (i) any of the parameters present are not declared in the SPDL policy; (ii) any of the required parameters are missing; or (iii) the cookies present do not precisely match those specified in the SPDL specification. Once we are sure that the HTTP message contains a valid combination of cookies and GET/POST parameters, type and length constraints are checked. If any violations occur at this stage then a descriptive error message is returned to the client. The security gateway then checks that the message authentication codes are valid. Section 3.4.2 describes this process in detail.

Next the transformations specified in the security policy are applied. Transformations are total functions on strings: well-written transformation code should not generate exceptions. However, if a badly written transformation function does generate a run-time exception then the process is aborted and an error message is returned to the client. Finally all validation expressions are evaluated. If all of the validation expressions evaluate to true then the HTTP request is forwarded to the web-server and the page is fetched.

The security gateway processes HTTP responses returned from the web-server: JavaScript validation code generated by the SPDL compiler is inserted into HTML forms (see Section 3.4.1), maxlength attributes of form elements are set according to the SPDL specification and, finally, message authentication codes are generated for form fields and URL parameters (see Section 3.4.2) if required.
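The request-side checks of Figure 4, from URL matching through type and length checking, run over the example policy of Section 3.2, as an added example (illustrative code for this page, not the paper's gateway). The policy text is the one given above; attributes the example omits take the DTD defaults of Figure 2. MAC verification, cookies, transformations and the validation language are left out, and the prefix match is plain string comparison, which is an assumption of the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit

# The policy from Section 3.2; omitted attributes take the DTD defaults.
SPDL = """<policy>
<URL prefix="http://example">
<parameter name="p1" maxlength="4" type="int" required="Y" MAC="N"></parameter>
<parameter name="p2" method="POST" maxlength="3" type="string"></parameter>
</URL>
</policy>"""

DEFAULTS = {"method": "GETandPOST", "minlength": "0", "required": "N", "MAC": "Y"}


def load_policy(text):
    """prefix -> {name: attributes}. 'methods' is the set of HTTP methods a
    declaration covers (the compiler's first pass: enumerate declarations)."""
    policy = {}
    for url in ET.fromstring(text).iter("URL"):
        decls = {}
        for p in url.iter("parameter"):
            attrs = dict(DEFAULTS, **p.attrib)
            attrs["methods"] = ({"GET", "POST"} if attrs["method"] == "GETandPOST"
                                else {attrs["method"]})
            decls[attrs["name"]] = attrs
        policy[url.attrib["prefix"]] = decls
    return policy


def well_typed(value, typ):
    """The type check of Figure 4 for the four SPDL types."""
    if typ == "int":
        return value.lstrip("-").isdigit()
    if typ == "float":
        try:
            float(value)
            return True
        except ValueError:
            return False
    if typ == "bool":
        return value in ("true", "false")
    return True


def check_request(policy, url, post=()):
    """Errors the gateway would return for one request; [] means forward it.
    Order follows Section 3.4: URL, parameter names, required, length, type."""
    parts = urlsplit(url)
    base = "%s://%s%s" % (parts.scheme, parts.netloc, parts.path)
    matching = [pfx for pfx in policy if base.startswith(pfx)]
    if not matching:
        return ["URL not in policy: " + base]
    decls = policy[max(matching, key=len)]          # longest prefix wins
    params = [("GET", k, v) for k, v in parse_qsl(parts.query)]
    params += [("POST", k, v) for k, v in post]
    errors, nonempty = [], set()
    for method, name, value in params:
        attrs = decls.get(name)
        if attrs is None or method not in attrs["methods"]:
            errors.append("undeclared %s parameter %s" % (method, name))
            continue
        if value:
            nonempty.add(name)
        if not int(attrs["minlength"]) <= len(value) <= int(attrs["maxlength"]):
            errors.append("%s: length %d outside [%s, %s]"
                          % (name, len(value), attrs["minlength"], attrs["maxlength"]))
        elif not well_typed(value, attrs["type"]):
            errors.append("%s: not a valid %s" % (name, attrs["type"]))
    for name, attrs in decls.items():
        if attrs["required"] == "Y" and name not in nonempty:
            errors.append("missing required parameter " + name)
    return errors
```

One thing a practitioner would change before deploying: a prefix such as "http://example" also matches "http://example.evil.test/", so prefixes should end in "/" (or be matched on a parsed host and path) rather than compared as raw strings.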
`
3.4.1 Client-side Form Validation

For each HTML form in the HTTP response, the security gateway inserts JavaScript code to perform validation checks on the client's machine. Recall that the intention of the JavaScript is merely to enhance usability: the generated JavaScript is not considered a substitute for server-side validation checking.

The process of inserting validation JavaScript into forms involves the following steps:

1. The security gateway scans the HTML for <form> tags and extracts the destination URL from the form's action attribute.

2. From this destination URL the validation constraints to apply to form fields are determined. Note that we also have to look at the form's method attribute to determine whether the fields will be sent as GET or POST parameters.

3. A JavaScript validation program is constructed by concatenating pre-compiled JavaScript fragments, one for each of the fields on the form. The JavaScript code has already been generated by the policy compiler (see Section 3.3).

4. The JavaScript validation program is inserted into the onSubmit attribute of the form tag.

If there is already an onSubmit attribute present then the security gateway does not insert the validation program. We take the view that if a form already has an onSubmit attribute then this overrides the automatically generated validation JavaScript.

As well as explicitly enforcing the checks specified in the validation elements of SPDL specifications, the validation JavaScript also enforces type-checking rules, enforces minlength constraints and ensures that all required fields contain data. Note that we do not have to worry about maxlength constraints since these are inserted directly as HTML attributes.

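The four steps above, as an added example (illustrative code for this page, not the paper's gateway). The JavaScript fragments and maxlength values are hypothetical stand-ins for what the policy compiler would emit for the p1/p2 policy of Section 3.2; they are keyed by the form's action URL and field name only, so the method check of step 2 is omitted. Forms and inputs are located with regular expressions, which is adequate for the constructed sample HTML but not a substitute for a real HTML parser.

```python
import re

# Hypothetical compiler output for the Section 3.2 policy: one JavaScript
# fragment per (action URL, field), and the declared maxlength per field.
FRAGMENTS = {
    ("http://example/cart", "p1"):
        "if(!/^-?\\d+$/.test(f.p1.value)){alert('p1: integer expected');return false;}",
    ("http://example/cart", "p2"):
        "if(f.p2.value.length>3){alert('p2: at most 3 characters');return false;}",
}
MAXLENGTH = {("http://example/cart", "p1"): 4, ("http://example/cart", "p2"): 3}

FORM_BLOCK = re.compile(r"(<form\b[^>]*>)(.*?)(</form>)", re.I | re.S)
INPUT_TAG = re.compile(r"<input\b[^>]*>", re.I)
ATTR = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')

# Constructed sample response body.
SAMPLE = ('<html><body><form action="http://example/cart" method="post">'
          '<input type="text" name="p1"><input type="text" name="p2">'
          '<input type="submit"></form></body></html>')


def attrs_of(tag):
    return {k.lower(): v for k, v in ATTR.findall(tag)}


def build_onsubmit(action, fields):
    """Step 3: concatenate the pre-compiled fragments for this form's fields."""
    body = "".join(FRAGMENTS[(action, f)] for f in fields if (action, f) in FRAGMENTS)
    return "var f=this;" + body + "return true;"


def rewrite_form(m):
    open_tag, body, close = m.groups()
    attrs = attrs_of(open_tag)                       # step 1: the action URL
    action = attrs.get("action", "")
    fields = [attrs_of(t).get("name") for t in INPUT_TAG.findall(body)]
    # step 4: insert the program unless the form already has an onSubmit handler
    if "onsubmit" not in attrs:
        program = build_onsubmit(action, [f for f in fields if f])
        open_tag = open_tag[:-1] + ' onsubmit="' + program.replace('"', "&quot;") + '">'

    def fix_input(im):
        # maxlength comes straight from the policy as an HTML attribute
        tag = im.group(0)
        name = attrs_of(tag).get("name")
        if (action, name) in MAXLENGTH and "maxlength" not in attrs_of(tag):
            return tag[:-1] + ' maxlength="%d">' % MAXLENGTH[(action, name)]
        return tag

    return open_tag + INPUT_TAG.sub(fix_input, body) + close


def insert_validation(html):
    """Rewrite every form in an HTML response body."""
    return FORM_BLOCK.sub(rewrite_form, html)
```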
3.4.2 Message Authentication Codes

We have already seen that an SPDL specification can declare that certain URL parameters must only contain data accompanied by a Message Authentication Code (MAC) [27] generated by the security gateway. As data is sent to the client the security gateway annotates it with MACs; as data is returned