Accession Number : AD1021692


Title : A Study of Gaps in Defensive Countermeasures for Web Security


Descriptive Note : Technical Report


Corporate Author : MIT Lincoln Laboratory Lexington United States


Personal Author(s) : Bauer, Kevin S ; Hobson, T ; Okhravi, Hamad ; Roberts, S C ; Streilein, William W


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1021692.pdf


Report Date : 14 Oct 2016


Pagination or Media Count : 48


Abstract : Traditionally, simple defenses against web-based attacks, such as input sanitization, provide little protection against a motivated attacker with simple evasion capabilities and often have impractically high false positive and false negative rates. More effective defenses in this domain often either require significant modifications to servers and infrastructures, thus violating the federated model of such networks, or they impose high computational or operator overheads. As a result, the domain of web-based attacks requires significant research and development efforts to provide practical, effective defenses. In this report, we highlight some of the most important deployment challenges and gaps related to web-based defenses, which can be used to guide future research and development in this area.


Descriptors : computer security, web browsers, network protocols, high level languages, operating systems, computer access control, web applications, network architecture, cyberattacks, computer programs, COUNTERMEASURES, VULNERABILITY


Subject Categories : Computer Systems Management and Standards
      Computer Programming and Software


Distribution Statement : APPROVED FOR PUBLIC RELEASE