
dc.contributor.author: Nourijelyani, Mohammad
dc.contributor.other: Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.)) [en]
dc.date: 2014-11-19 11:02:55.382 [en]
dc.date: 2014-11-24 10:32:21.362 [en]
dc.date.accessioned: 2014-11-26T19:30:11Z
dc.date.available: 2014-11-26T19:30:11Z
dc.date.issued: 2014-11-26
dc.identifier.uri: http://hdl.handle.net/1974/12622
dc.description: Thesis (Master, Computing) -- Queen's University, 2014-11-24 10:32:21.362 [en]
dc.description.abstract: In the ubiquity era, each user has multiple devices; hence an attractive model is to have applications that execute in a client’s web browser instead of developing a native application for each device. JavaScript is the language of the browser and the power available in these devices has motivated developers to move functionality to the client side. This raises the question of securing JavaScript applications since code executed on the browser is visible in plain text to potential adversaries. To identify the context in which JavaScript attacks take place, we discuss different styles of software architecture and conclude that the architecture relevant to our study is client/server with a monolithic, event driven client where a significant amount of the application’s logic sits on the client side. We discuss threat modeling methodologies and explain how this thesis fits into the attack extraction phase of threat modeling and we define a taxonomy for JavaScript attacks. We have collected a set of man in the middle attacks for JavaScript where the attacker actively eavesdrops on the connection. We have also included man at the end, or White Box, attacks where the attacker has control over both the execution platform and the software implementation. These attacks have been used in conventional programming languages and we have adapted them to JavaScript. White Box attacks have become significant in web applications due to the move of sensitive functionality to the client side and have especially been the concern of digital rights management. [en_US]
dc.language: en [en]
dc.language.iso: en [en_US]
dc.relation.ispartofseries: Canadian theses [en]
dc.rights: This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. [en]
dc.subject: Attacks [en_US]
dc.subject: Security [en_US]
dc.subject: JavaScript [en_US]
dc.subject: Taxonomy [en_US]
dc.title: Taxonomy for JavaScript Attacks [en_US]
dc.type: thesis [en_US]
dc.description.degree: Master [en]
dc.contributor.supervisor: Dean, Thomas R. [en]
dc.contributor.department: Computing [en]

