Show simple item record

dc.contributor.authorSingaravelu, Lenin
dc.contributor.authorKauer, Bernhard
dc.contributor.authorBoettcher, Alexander
dc.contributor.authorHärtig, Hermann
dc.contributor.authorPu, Calton
dc.contributor.authorJung, Gueyoung
dc.contributor.authorWeinhold, Carsten
dc.date.accessioned2008-02-22T20:57:10Z
dc.date.available2008-02-22T20:57:10Z
dc.date.issued2007
dc.identifier.urihttp://hdl.handle.net/1853/20070
dc.description.abstractCurrent client-server applications such as online banking employ the same client-side software stack to handle information with differing security and functionality requirements, thereby increasing the size and complexity of software that needs to be trusted. While the high complexity of existing software is a significant hindrance to testing and analysis, existing software and interfaces are too widely used to be entirely abandoned. We present a proxy-based approach called FlowGuard to address the problem of large and complex client-side software stacks. FlowGuard’s proxy employs mappings from sensitiveness of information to trustworthiness of software stacks to demultiplex incoming messages amongst multiple client-side software stacks. One of these stacks is a fully-functional legacy software stack and another is a small and simple stack designed to handle sensitive information. In contrast to previous approaches, FlowGuard not only reduces the complexity of software handling sensitive information but also minimizes modifications to legacy software stacks. By allowing users and service providers to define the mappings, FlowGuard also provides flexibility in determining functionality-security tradeoffs. We demonstrate the feasibility of our approach by implementing a FlowGuard, called BLAC, for https-based applications. BLAC relies on text patterns to identify sensitive information in HTTP responses and redirects such responses to a small and simple TrustedViewer, with an unmodified legacy software stack handling the rest of the responses. We developed a prototype implementation that works with a prominent bank’s online banking site. Our evaluation shows that BLAC reduces size and complexity of software that needs to be trusted by an order of magnitude, with a manageable overhead of few tens of milliseconds per HTTP response.en_US
dc.language.isoen_USen_US
dc.publisherGeorgia Institute of Technologyen_US
dc.relation.ispartofseriesCERCS; GIT-CERCS-07-11en_US
dc.subjectApplication-level softwareen_US
dc.subjectClient-server applicationen_US
dc.subjectFlowGuarden_US
dc.subjectInformation flowen_US
dc.subjectInterfaceen_US
dc.subjectSoftwareen_US
dc.subjectSplittingen_US
dc.subjectTrusted Computing Basesen_US
dc.titleEnforcing Configurable Trust in Client-side Software Stacks by Splitting Information Flowen_US
dc.typeTechnical Reporten_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record