Difference between revisions of "Cross Site Browsing - The Application"

From Master Projects
Jump to: navigation, search
(Removing all content from page)
 
Line 1: Line 1:
{{Projectproposal
 
|Contact person=Bruno Crispo
 
|Master areas=Internet and Web Technology
 
|Fulfilled=No
 
}}
 
Browsing the web is an activity that involves visiting multiple web sites; whenever a web site provides sensitive information, a properly encrypted channel is
 
normally established (e.g. https). Examples of sensitive information are health
 
records, financial information, email messages, travel receipts; what is not sen
 
sitive is, in turn, something more blurred as it depends on the context: a user
 
reading an economical newspaper discloses a negligible amount of privacy; a
 
user reading an economical newspaper, just before an online trading activity,
 
may disclose on the contrary the owned stock options. This leads us to che
 
concept of private task; in other words to the concept of a cross site browsing
 
(XSB) session that needs to be secured.
 
A trivial solution may appear to enforce the use of an encrypted channel for
 
each communication; many protocols such as https may be employed. Unfortunately this is way far from being practical and economical sustainable (a SSL
 
certificate costs money and computational power); more importantly, providing
 
confidentiality does not automatically imply privacy. Encryption does not hide
 
the message size: if the size univocally identifies a resource, an attacker does not
 
need to break the cipher to assess its content (though he needs to profile the resource before). In conclusion, we can identify two different, yet intercorrelated,
 
problems:
 
• A client should be able to explicitly request a proper encrypted channel.
 
• The encrypted channel should anonymize resources that are univocally
 
identifiable.
 
  
 
More project info here: [http://www.few.vu.nl/~mconti/prj/thesisprojects/paper_CrossSiteBrowsing.pdf].
 

Latest revision as of 14:32, 2 December 2012