Web-key: Mashing with Permission Highlights and examples from the paper, and an open discussion.

Presentation transcript:

web-key: Mashing with Permission Highlights and examples from the paper, and an open discussion

Security vs. the Web
Casualties of the username/password:
– Global identification
    Sharing a resource by passing a URL
– Orthogonality
    Hypertext can refer to a resource by URL only
– Global scope
    A URL means the same thing everywhere
Got us the Same Origin Policy

Security vs. the Web
… and often doesn't actually result in the security we wanted
– Loss of global identification
    User revolt to something you know
– Loss of orthogonality
    Pervasive prompting => phishing
– Loss of global scope
    XSRF: this global identifier means something different when you use it
– My Access Control List doesn't control access?

The Web with security
What security properties can we add to the Web without breaking it, and would they be useful in real applications?
– A URL is a lot like a reference.
– Capability-security gets its security from enforcing the properties of references.
– Check the protocols and clients to see if it's a good fit.

The Web as capability system
Referer header almost makes the Web a dynamically scoped language
Some referential integrity from HTTPS
Windowing API in the browser is hysterical
– Survivable, but does require some care
Address bar shows reference bits
– Can mitigate or ignore if no one's looking

Global Id, Orthogonality, Global Scope
Global id = Just click
Orthogonality = No prompting
Global scope = no XSRF
Global scope = no need for Same Origin
Global id = fine grained access for mashup
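
Added example (not from the slides or the paper's code): a minimal sketch of a URL used as a capability, showing why a cookie-only forged request gets nothing and how two links to the same resource can carry different rights. The host app.example, the in-memory GRANTS store, the handler and the choice to carry the key in the URL fragment are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

GRANTS = {}  # constructed in-memory store: key -> (resource, allowed methods)

def mint_web_key(resource, methods, base="https://app.example/r/"):
    """Return a capability URL; holding the URL is the permission."""
    key = secrets.token_urlsafe(16)  # 128 random bits, unguessable
    GRANTS[key] = (resource, frozenset(methods))
    return base + "#" + key  # assumption: key rides in the fragment

def key_of(url):
    """Extract the key, as a script on the landing page would."""
    return urlsplit(url).fragment

def referer_for(url):
    """A browser drops the fragment before sending Referer."""
    return urlsplit(url)._replace(fragment="").geturl()

def authorize(key, method):
    """Decide from the presented key alone; no cookie or origin check."""
    presented = (key or "").encode()
    for known, (resource, methods) in GRANTS.items():
        if hmac.compare_digest(known.encode(), presented):
            return resource if method in methods else None
    return None

def handle(method, key=None, cookies=None):
    """Hypothetical handler: `cookies` is accepted but never consulted."""
    resource = authorize(key, method)
    return (200, resource) if resource else (403, None)

if __name__ == "__main__":
    read_url = mint_web_key("calendar/alice", {"GET"})
    edit_url = mint_web_key("calendar/alice", {"GET", "POST"})
    print(handle("POST", key_of(read_url)))   # read-only link cannot write
    print(handle("POST", key_of(edit_url)))   # edit link can
    print(handle("POST", cookies={"session": "alice"}))  # forged request
    print(referer_for(edit_url))              # no key leaks via Referer
```

Because the handler never reads ambient credentials, a cross-site request that carries only the victim's cookies has no key to present and is refused.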