Authors: Calzavara, Stefano | Naumann, David
Article Type: Editorial
DOI: 10.3233/JCS-230950
Citation: Journal of Computer Security, vol. 31, no. 5, pp. 419-420, 2023
Authors: Calzavara, Stefano | Rabitti, Alvise | Bugliesi, Michele
Article Type: Research Article
Abstract: Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to session hijacking attacks, where the browser run by a given user sends requests associated to the identity of another user. When n > 1 cookies are used to implement a session, there might actually be n sub-sessions running at the same website, where each cookie is used to retrieve part of the state information related to the session. Sub-session hijacking breaks the ideal view of the existence of a unique user session by selectively hijacking m sub-sessions, with m < n . This …may reduce the security of the session to the security of its weakest sub-session. In this paper, we take a systematic look at the root causes of sub-session hijacking attacks and we introduce sub-session linking as a possible defense mechanism. Out of two flavors of sub-session linking desirable for security, which we call intra-scope and inter-scope sub-session linking respectively, only the former is relatively smooth to implement. Luckily, we also identify programming practices to void the need for inter-scope sub-session linking. We finally present Warden, a server-side proxy which automatically enforces intra-scope sub-session linking on incoming HTTP(S) requests, and we evaluate it in terms of protection, performances, backward compatibility and ease of deployment. Show more
Keywords: Web application security, web sessions, HTTP cookies
DOI: 10.3233/JCS-181149
Citation: Journal of Computer Security, vol. 27, no. 2, pp. 233-257, 2019
Authors: Calzavara, Stefano | Ferrara, Pietro | Lucchese, Claudio
Article Type: Research Article
Abstract: Machine learning has proved invaluable for a range of different tasks, yet it also proved vulnerable to evasion attacks, i.e., maliciously crafted perturbations of inputs designed to force mispredictions. In this article we propose a novel technique to certify the security of machine learning models against evasion attacks with respect to an expressive threat model, where the attacker can be represented by an arbitrary imperative program. Our approach is based on a transformation of the model under attack into an equivalent imperative program, which is then analyzed using the traditional abstract interpretation framework. This solution is sound, efficient and general …enough to be applied to a range of different models, including decision trees, logistic regression and neural networks. Our experiments on publicly available datasets show that our technique yields only a minimal number of false positives and scales up to cases which are intractable for a competitor approach. Show more
Keywords: Adversarial machine learning, abstract interpretation, evasion attacks, security certification
DOI: 10.3233/JCS-210133
Citation: Journal of Computer Security, vol. 31, no. 1, pp. 57-84, 2023
Authors: Bugliesi, Michele | Calzavara, Stefano | Focardi, Riccardo | Khan, Wilayat
Article Type: Research Article
Abstract: Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding about the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS …code injection. We then develop CookiExt , a browser extension that provides client-side protection against session hijacking, based on appropriate flagging of session cookies and automatic redirection over HTTPS for HTTP requests carrying these cookies. Our solution improves over existing client-side defenses by combining protection against both web and network attacks, while at the same time being designed so as to minimise its effects on the user’s browsing experience. Finally, we report on the experiments we carried out to practically evaluate the effectiveness of our approach. Show more
Keywords: Browser security, session cookies, formal methods, noninterference
DOI: 10.3233/JCS-150529
Citation: Journal of Computer Security, vol. 23, no. 4, pp. 509-537, 2015