Accession Number : AD1021692

Title : A Study of Gaps in Defensive Countermeasures for Web Security

Descriptive Note : Technical Report

Corporate Author : MIT Lincoln Laboratory Lexington United States

Personal Author(s) : Bauer, Kevin S; Hobson, T; Okhravi, Hamad; Roberts, S C; Streilein, William W

Report Date : 14 Oct 2016

Pagination or Media Count : 48

Abstract : Traditionally, simple defenses against web-based attacks, such as input sanitization, provide little protection against a motivated attacker with simple evasion capabilities and often have impractically high false positive and false negative rates. More effective defenses in this domain often either require significant modifications to servers and infrastructures, thus violating the federated model of such networks, or they impose high computational or operator overheads. As a result, the domain of web-based attacks requires significant research and development efforts to provide practical, effective defenses. In this report, we highlight some of the most important deployment challenges and gaps related to web-based defenses, which can be used to guide future research and development in this area.

Descriptors : computer security, web browsers, network protocols, high level languages, operating systems, computer access control, web applications, network architecture, cyberattacks, computer programs, COUNTERMEASURES, VULNERABILITY

Subject Categories : Computer Systems Management and Standards
      Computer Programming and Software

Distribution Statement : APPROVED FOR PUBLIC RELEASE