Presentation: "Adding features and blocking attacks using Web security instead of client-server security"
Time: Thursday 14:05 - 15:05
Location: Concordia Room
Abstract: Most Web applications use cookies to implement a security model familiar from client-server computing, in which clients communicate with a single server and never directly communicate with each other. But the Web's not a client-server system: the browser communicates with many servers at a time and users directly exchange links amongst themselves. Consequently, the client-server security model breaks down when applied to the Web, resulting in attacks like CSRF and clickjacking and preventing legitimate sharing amongst users. This talk explains how to use web-keys, a security model designed for the Web, to block common attacks and enable rich sharing among users.