FlowWatcher : Defending against Data Disclosure Vulnerabilities in Web Applications
- Submitting institution
- Royal Holloway and Bedford New College
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 31356302
- Type
- E - Conference contribution
- DOI
- 10.1145/2810103.2813639
- Title of conference / published proceedings
- CCS '15 : Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
- First page
- 603
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- October
- Year of publication
- 2015
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 5
- Research group(s)
-
-
- Citation count
- 9
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper was accepted for publication at CCS 2015, a top-tier venue for computer security research (2015 acceptance rate 19.4%/660). It proposes a proxy-based approach to prevent accidental data disclosure by web applications due to authorisation logic bugs, which are common in modern complex web applications. In contrast to previous approaches based on static or dynamic program analysis, it is language and runtime independent, efficient, and easy to deploy. The proxy-based approach inspired subsequent research into detecting service integrity violations (EuroSys '18).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -