General method for HTTP messages authentication based on hash functions in web applications

D. N. Kolegov

D. N. Kolegov

Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 85-89 Cet article a éte moissonné depuis la source Math-Net.Ru

Voir la notice de l'article

Résumé

HTTP messages authentication method for web applications is offered. The method can protect web application against attack based on authentication and authorization weaknesses. It is showed how HTTP authentication can be expressed in the terms of the attribute based access control model (ABAC). Implementation of the ABAC access control decision mechanism can use an authentication cryptographic protocol.

Keywords: ABAC, cryptographic protocols, message authentication
Mots-clés : web applications.

@article{PDMA_2014_7_a37,
     author = {D. N. Kolegov},
     title = {General method for {HTTP} messages authentication based on hash functions in web applications},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {85--89},
     year = {2014},
     number = {7},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/}
}

TY  - JOUR
AU  - D. N. Kolegov
TI  - General method for HTTP messages authentication based on hash functions in web applications
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2014
SP  - 85
EP  - 89
IS  - 7
UR  - http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/
LA  - ru
ID  - PDMA_2014_7_a37
ER  -

%0 Journal Article
%A D. N. Kolegov
%T General method for HTTP messages authentication based on hash functions in web applications
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2014
%P 85-89
%N 7
%U http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/
%G ru
%F PDMA_2014_7_a37

D. N. Kolegov. General method for HTTP messages authentication based on hash functions in web applications. Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 85-89. http://geodesic.mathdoc.fr/item/PDMA_2014_7_a37/

Bibliographie
Cité par

[1] Cheremushkin A. V., Kriptograficheskie protokoly. Osnovnye svoistva i uyazvimosti, Ucheb. posobie dlya stud. uchrezhdenii vyssh. prof. obrazovaniya, Izdatelskii tsentr “Akademiya”, M., 2009, 272 pp.

[2] Reducing web application attack surface, http://blog.spiderlabs.com/2012/07/reducing-web-apps-attack-surface.html

[3] Signing and Authenticating REST Requests, http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html

[4] Facebook developers reference, https://developers.facebook.com/docs/reference/php/facebook-getSignedRequest

[5] Barth A., Jackson C., Mitchell J., “Robust defences for cross-site request forgery”, Proc. 15th ACM Conf. on Computer and Communications Security, ACM Press, 2008, 75–87

[6] ModSecurity Advanced Topic of the Week: HMAC Token Protection, http://blog.spiderlabs.com/2014/01/modsecurity-advanced-topic-of-the-week-hmac-token-protection.html

[7] Understanding ASP.NET View State, http://msdn.microsoft.com/library/ms972976.aspx

[8] NIST 800-162. Guide to Attribute Based Access Control (ABAC) Definition and Considerations, http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf

Parcourir par

Geodesic

Parcourir par