Abstract
JavaScript has become the language of reference for programming the client-side logics of web-applications. However, there is no native full support to protect the integrity of this code from modifications conducted by the server where it is hosted. Many election applications, including internet voting solutions, are based on this language. Thus, if the server that hosts the code is compromised, a modified version of the code could be served and some election security properties affected, e.g. voter privacy, vote integrity, and so on. Furthermore, the usage of a Content Delivery Network (CDN) to mitigate Distributed Denial-of-Service (DDoS) attacks on internet voting solutions has been called into question for similar reasons. A malicious administrator of the hosting provider could have the opportunity to modify JavaScript files affecting the web application’s code integrity. In order to tackle this problem, in this article we propose a solution that mitigates those risks by using a service called wraudit that transparently monitors the integrity of the published code. The service design and implementation are presented and the first insights from our experience using it are explained.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Web Technology Surveys. https://w3techs.com/technologies/details/cp-javascript/all/all. Accessed 9 July 2018
Signed Scripts in Mozilla. https://www-archive.mozilla.org/projects/security/components/signed-scripts.html. Accessed 9 July 2018
W3C Subresource Integrity. https://www.w3.org/TR/SRI/. Accessed 9 July 2018
Soni, P., Budianto, E., Saxena, P.: The SICILIAN defense: signature-based whitelisting of Web JavaScript. In: ACM Conference on Computer and Communications Security (2015)
The Transport Layer Security (TLS) Protocol Version 1.2. https://tools.ietf.org/html/rfc5246. Accessed 9 July 2018
Culnane, C., Eldridge, M., Essex, A., Teague, V.: Trust implications of DDoS protection in online elections. In: Krimmer, R., et al. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 127–145. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_8
Alves, R., Belo, O., Lourenço, A.: A heuristic-regression approach to crawler pattern identification on clickstream data
Lourenço, A., Belo, O.: Applying clickstream data mining to real-time web crawler detection and containment using clicktips platform. In: Decker, R., Lenz, H.-J. (eds.) Advances in Data Analysis. SCDAKO, pp. 351–358. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70981-7_39
Tan, P.-N., Kumar, V.: Discovery of web robot sessions based on their navigational patterns. Data Min. Knowl. Discov. 6, 9–35 (2002). https://doi.org/10.1023/A:1013228602957
Broenink, R.: Using browser properties for fingerprinting purposes. In: 16th biennial Twente Student Conference on IT, Enschede, Holanda, p. 85, January 2012
Calzarossa, M.C., Massari, L.: Analysis of header usage patterns of HTTP request messages. In: 2014 IEEE International Conference on High Performance Computing and Communications, 2014 IEEE 6th International Symposium on Cyberspace Safety and Security, 2014 IEEE 11th International Conference on Embedded Software and Syst (HPCC, CSS, ICESS), pp. 847–853. IEEE, August 2014
Stassopoulou, A., Dikaiakos, M.D.: A probabilistic reasoning approach for discovering web crawler sessions. In: Dong, G., Lin, X., Wang, W., Yang, Y., Yu, J.X. (eds.) APWeb/WAIM -2007. LNCS, vol. 4505, pp. 265–272. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72524-4_29
Detecting Chrome Headless. https://antoinevastel.com/bot%20detection/2017/08/05/detect-chrome-headless.html. Accessed 9 July 2018
Detecting Chrome headless, new techniques. https://antoinevastel.com/bot%20detection/2018/01/17/detect-chrome-headless-v2.html. Accessed 9 July 2018
Cucurull, J., Puiggalí, J.: Distributed immutabilization of secure logs. In: Barthe, G., Markatos, E., Samarati, P. (eds.) STM 2016. LNCS, vol. 9871, pp. 122–137. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46598-2_9
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Salvador, D., Cucurull, J., Julià, P. (2018). wraudit: A Tool to Transparently Monitor Web Resources’ Integrity. In: Groza, A., Prasath, R. (eds) Mining Intelligence and Knowledge Exploration. MIKE 2018. Lecture Notes in Computer Science(), vol 11308. Springer, Cham. https://doi.org/10.1007/978-3-030-05918-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-030-05918-7_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05917-0
Online ISBN: 978-3-030-05918-7
eBook Packages: Computer ScienceComputer Science (R0)