Skip to main content
Conference ProceedingsOPEN ACCESS

Model-based detection of CSRF

IFIP Advances in Information and Communication Technology (2014) 428 30-43
DOI: 10.1007/978-3-642-55415-5_3
14Citations
Citations of this article
9Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Cross-Site Request Forgery (CSRF) is listed in the top ten list of the Open Web Application Security Project (OWASP) as one of the most critical threats to web security. A number of protection mechanisms against CSRF exist, but an attacker can often exploit the complexity of modern web applications to bypass these protections by abusing other flaws. We present a formal model-based technique for automatic detection of CSRF. We describe how a web application should be specified in order to facilitate the exposition of CSRF-related vulnerabilities. We use an intruder model, `a la Dolev-Yao, and discuss how CSRF attacks may result from the interactions between the intruder and the cryptographic protocols underlying the web application. We demonstrate the effectiveness and usability of our technique with three real-world case studies.

Cite

CITATION STYLE

APA

Rocchetto, M., Ochoa, M., & Dashti, M. T. (2014). Model-based detection of CSRF. In IFIP Advances in Information and Communication Technology (Vol. 428, pp. 30–43). Springer Science and Business Media, LLC. https://doi.org/10.1007/978-3-642-55415-5_3

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free