• Title/Summary/Keyword: Web browsers

Search Result 159, Processing Time 0.029 seconds

Analysis of Web Browser Security Configuration Options

  • Jillepalli, Ananth A.;de Leon, Daniel Conte;Steiner, Stuart;Alves-Foss, Jim
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.12
    • /
    • pp.6139-6160
    • /
    • 2018
  • For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

Threat Diagnosis and Security Verification of Services Using Server-Side Browsers (서버 측 브라우저를 활용한 서비스들의 보안 위협 진단 및 안전성 검증)

  • Min-sang Lee;Hyoung-kee Choi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.693-706
    • /
    • 2024
  • The browser is utilized to render web pages in programs that perform tasks such as data extraction, format conversion, and development testing on web pages. Online services that utilize browsers can cause security issues if browser information is exposed or used in an unsafe manner. This paper presents security requirements for the safe use of browsers and explains the security threats that arise if these requirements are not met. Through evaluation, the security verification of commercial web applications is conducted, and the vulnerabilities that allow browsers to be exploited as attack tools are analyzed.

A Design of HTML5-based Service Migration Technology between Heterogeneous Browsers (이종 브라우저 간 HTML5 기반 서비스 이동기술 설계)

  • Song, Eun-Ji;Kim, Geun-Hyung
    • Journal of Korea Multimedia Society
    • /
    • v.16 no.3
    • /
    • pp.342-353
    • /
    • 2013
  • The Internet has become a part of our lives. As the number of devices with Internet accessibility increases, users can use web services with those devices anytime, anywhere. Web contents on the web page can be delivered to user in various forms for various devices and users want to use seamlessly the contents with an appropriate device. Web browser extension is function to add features that are not supported by default browser. All browsers support extensions that provide the same services for cross-browser. In this paper, We proposed object migration architecture between heterogeneous browsers by expanding our proposed mechanism that identifies objects and the information of those objects to be migrated in the web page, extracts the object and creates object after migration. For this purpose, we analyzed the extension architecture of representative browsers and investigated necessary files to develop objects migration extension. In addition, We investigated how to send and receive message among files in each browser extension and the interaction mechanism among those files. Finally, We implemented the object migration mechanisms between heterogeneous browsers.

A Design of the Active Web Server Supporting Synchronous Collaboration in the Web-Based Groupware Systems (동기화된 협동을 지원하기 위한 능동형 웹 서버 설계)

  • 허순영;배경일
    • Journal of the Korean Operations Research and Management Science Society
    • /
    • v.24 no.4
    • /
    • pp.157-170
    • /
    • 1999
  • The web-based groupware systems hold many possibilities for system developers and users. Especially, web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. However, current web technologies have limitations in supporting this, largely because the existing Hypertext Transfer Protocol(HTTP) is unidirectional and does not allow web servers to send messages to their web browsers without first receiving requests from them. This paper proposes an active web server that can overcome such limitations and facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such goals, the active web server manages dependency relationships beween shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefulness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System(0DBMS) called OBJECTSTERE using the C++ programming language.

  • PDF

WEBIO Libraries for C and Prolog Languages (C 및 Prolog 언어용 웹 입출력 라이브러리)

  • 신동하
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.6 no.5
    • /
    • pp.755-761
    • /
    • 2002
  • Before the Internet was available, most application programs were executed using terminals, connected to host computers, as standard input output devices. The Internet is popular today and many services are provided on web browsers connected to the Internet. Since the standard I/O method used for terminals is different from the communication I/O methods used for web browsers, it is not possible to execute many application programs developed for the conventional terminals on web browsers. In this paper, we describe Web Input Output(WEBIO) library that enables application programs conventional on terminals to be executed on web browsers by recompilation without source modification. The WEBIO libraries for C and Prolog languages have been developed and they are under test now.

Analysis of the Functions of Semantic Web Browsers and Their Applications in Education (시맨틱 웹 브라우저들의 기능 분석 및 교육적 활용)

  • Kim, Hee-Jin;Jung, Hyo-Sook;Yoo, Su-Jin;Park, Seong-Bin
    • The Journal of Korean Association of Computer Education
    • /
    • v.14 no.3
    • /
    • pp.37-49
    • /
    • 2011
  • A user can use resources on the Semantic Web using a Semantic Web browser. In order to utilize the functions of Semantic Web browsers in education, we compared the functions of well-known Semantic Web browsers such as Tabulator, Contextual Search Browser (CSB), Magpie, and Piggy Bank. In order to utilize Semantic Web browsers in education, a user needs to understand the features of each Semantic Web browser and our work can help both teachers and students. Tabulator is an RDF browser that can help to check whether resources can be used for learning and relevance of resources. CSB can be used to search educational resources using a conrtext file that contains the subjects of learning. It can also help learning by showing semantic web resources in the form of triple set as well as by supporting highlighting function. Magpie can help learners without basic knowledge on learning materials by providing interpretation based on a glossary file and related background knowledge. Piggy Bank supports conversion of web resources into semantic web resources and allows to browse semantic web resources in various views as well as to share semantic web resources.

  • PDF

Assessing Web Browser Security Vulnerabilities with respect to CVSS

  • Joh, HyunChul
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.2
    • /
    • pp.199-206
    • /
    • 2015
  • Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

A Design of the Active Web Server Supporting Synchronous Collaboration in the Web-Based Group Collaboration Systems (웹 기반 그룹 협동 시스템에서 동기화된 협동을 지원하기 위한 능동형 웹 서버 설계)

  • 허순영;배경일
    • Proceedings of the Korea Database Society Conference
    • /
    • 1999.06a
    • /
    • pp.95-102
    • /
    • 1999
  • The web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. This Paper proposes an active web server which can facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such a goal, the active web server manages dependency relationships between shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefullness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System (ODBMS) called OBJECTSTORE using the C++ programming language.

  • PDF

A Design of the Active Web Server Supporting Synchronous Collaboration in the Web-Based Group Collaboration Systems (웹 기반 그룹 협동 시스템에서 동기화된 협동을 지원하기 위한 능동형 웹 서버 설계)

  • 허순영;배경일
    • Proceedings of the Korea Inteligent Information System Society Conference
    • /
    • 1999.03a
    • /
    • pp.95-102
    • /
    • 1999
  • The web-based group collaborative systems are emerging as enterprise-wide information systems. Since data in group collaborative systems are apt to be shared among multiple concurrent users and modified simutaneously by them, the web-based group collaborative systems must support synchronous collaboration in order to provide users with synchronized and consistent views of shared data. This paper proposes an active web server which can facilitate synchronous collaboration in web-based group collaborative systems. To accomplish such a goal, the active web server manages dependency relationships between shared data and web browsers referencing them and actively propagates changing details of the shared data to all web browsers referencing them. And, this paper examines usefullness and effectiveness of the active web server to apply it to the ball-bearing design example of concurrent engineering design systems. The prototype system of the active web server is developed on a commercial Object-oriented Database Management System (ODBMS) called OBJECTSTORE using the C++ programming language.

  • PDF

Implementation of an open platform for 3D spatial information based on WebGL

  • Lee, Ahyun;Jang, Insung
    • ETRI Journal
    • /
    • v.41 no.3
    • /
    • pp.277-288
    • /
    • 2019
  • VWorld is run by the Ministry of Land, Infrastructure, and Transport of South Korea and provides national spatial information, such as aerial images, digital elevation models, and 3D structural models. We propose herein an open platform for 3D spatial information based on WebGL using spatial information from VWorld. WebGL is a web-based graphics library and has the advantage of being compatible with various web browsers. Our open platform is also compatible with various web browsers. Accordingly, it is easily accessible via the VWorld site and uses the three-dimensional (3D) map program. In this study, we describe the proposed platform configuration, and the requests, management, and visualization approaches for VWorld spatial information data. Our aim is to establish an approach that will provide a stable rendering speed even on a low-end personal computer without a graphics processing unit based on a quadtree structure. We expect that users will be able to visualize 3D spatial information through the VWorld open platform, and that the proposed platform will become the basis for various applications.