A method for authenticating HTTP messages in web applications is proposed. The method can protect a web application against attacks based on authentication and authorization weaknesses. It is shown how HTTP authentication can be expressed in terms of the attribute-based access control (ABAC) model. An implementation of the ABAC access control decision mechanism can use a cryptographic authentication protocol.
- Title General method for HTTP Messages authentication based on hash functions in Web applications
- Publisher
Tomsk State University
- Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 7 (Supplement)
- Date:
- DOI
Keywords
web applications, cryptographic protocols, message authentication, ABAC
Authors

General method for HTTP Messages authentication based on hash functions in Web applications | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2014. № 7 (Supplement).