|Contact person=Bruno Crispo
|Master areas=Internet and Web Technology
Browsing the web involves visiting multiple web sites; whenever a web site provides sensitive information, a properly encrypted channel is normally established (e.g. https). Examples of sensitive information are health records, financial information, email messages and travel receipts; what is not sensitive is, in turn, more blurred, as it depends on the context: a user reading an economics newspaper discloses a negligible amount of private information; a user reading an economics newspaper just before an online trading activity may, on the contrary, disclose the stock options they own. This leads us to the concept of a private task; in other words, to the concept of a cross site browsing (XSB) session that needs to be secured.
A trivial solution may appear to be enforcing the use of an encrypted channel for each communication; many protocols such as https may be employed. Unfortunately, this is far from practical and economically sustainable (an SSL certificate costs money and computational power); more importantly, providing confidentiality does not automatically imply privacy. Encryption does not hide the message size: if the size uniquely identifies a resource, an attacker does not need to break the cipher to assess its content (though the attacker needs to profile the resource beforehand). In conclusion, we can identify two different, yet intercorrelated,
• A client should be able to explicitly request a proper encrypted channel.
• The encrypted channel should anonymize resources that are univocally
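The size leak described above, and the effect of padding on it, as an added example that is not part of the project's own material. The resource paths, their sizes, the 29-byte record overhead and the bucket sizes are all constructed assumptions; the code measures how many resources stay identifiable by length alone before and after padding to a fixed bucket.

```python
from collections import Counter

# Constructed sample: plaintext sizes in bytes of resources on a hypothetical site.
RESOURCES = {
    "/news/markets": 48213,
    "/news/politics": 51877,
    "/quote/ACME": 7342,
    "/quote/GLOBEX": 7519,
    "/quote/INITECH": 7342,
    "/portfolio": 12950,
}

OVERHEAD = 29  # assumed fixed per-message overhead of a length-preserving cipher


def observed_size(plain_len):
    """On-the-wire length when the cipher adds only a constant overhead."""
    return plain_len + OVERHEAD


def padded_size(plain_len, bucket=4096):
    """On-the-wire length when the plaintext is padded to a multiple of bucket."""
    blocks = -(-plain_len // bucket)  # ceiling division
    return blocks * bucket + OVERHEAD


def uniquely_identified(resources, size_fn):
    """Resources whose observable length is shared with no other resource."""
    sizes = {path: size_fn(n) for path, n in resources.items()}
    counts = Counter(sizes.values())
    return sorted(path for path, s in sizes.items() if counts[s] == 1)


def bandwidth_factor(resources, size_fn):
    """Bytes sent divided by plaintext bytes: the cost of the chosen padding."""
    return sum(size_fn(n) for n in resources.values()) / sum(resources.values())


if __name__ == "__main__":
    schemes = [("no padding", observed_size),
               ("4 KiB buckets", padded_size),
               ("64 KiB buckets", lambda n: padded_size(n, bucket=65536))]
    for label, fn in schemes:
        exposed = uniquely_identified(RESOURCES, fn)
        print(f"{label:15} identifiable={len(exposed)} "
              f"cost x{bandwidth_factor(RESOURCES, fn):.2f} {exposed}")
```

Small buckets merge only resources that were already close in size; hiding every resource in this sample needs a bucket larger than the largest resource, at roughly three times the bandwidth.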
More project info here: [http://www.few.vu.nl/~mconti/prj/thesisprojects/paper_CrossSiteBrowsing.pdf].

