Automating DOM-based Cross Site Scripting Protections on Chromium and Chromium-based browsers; Investigating barriers to pipelining food assistance to America’s food insecure via web platforms
Wilson, Dale, School of Engineering and Applied Science, University of Virginia
Tian, Yuan, EN-Comp Science Dept, University of Virginia
Jacques, Richard, EN-Engineering and Society, University of Virginia
Billions of individuals, ranging from your everyday consumer to captains of industry and country presidents, interface with the World Wide Web via an internet browser every day. Both my STS and technical research topics concern the security of end-users who interact with web applications through a web browser. My technical report investigates a compatible, easy-to-implement defense for engineers who wish to develop and defend their web applications from DOMXSS attacks, a nefarious attack that can be impossible for web application developers to detect on their servers, as the malicious attack information may never leave a web application end user’s browser. My STS research report investigates the current roadblocks to participation in food assistance programs, how these roadblocks might be alleviated with a migration to web-application-based platforms for managing enrollment, and the drawbacks in security for proposed web migrations.
Analyzing the roadblocks of food assistance program adoption across distributed communities creates a better picture of the programs’ inefficiencies. Actor-network theory explains why some barriers to entry exist; relationships between an individual who experiences food insecurity and aid programs, as well as the current social climate, help define these barriers. The research I cite reveals why these barriers could exist and supports the proposal that continued adoption of Internet Connected Technologies (ICTs) could help alleviate these barriers. However, the conclusions of my STS research should also caution against the careless adoption of and reliance on ICTs for infrastructures that can place the most needy at risk.
While trying to land on a topic for my STS research, I realized elements from my food sustainability group project in STS 4500 had great merit. The age of the internet will push governments and nonprofits to provide all kinds of aid, specifically that for food insecurity, through online infrastructure. The kinds of web attacks that my technical research hopes to defend against are nefarious; they have hidden themselves in unsuspecting entities ranging from URLs to PDFs opened with the ‘wrong’ browser extension to comments on a family member’s Facebook post. Online infrastructure created to help the most needy will most certainly have a target on its back, requiring end-users to sign in and provide sensitive, valuable information that an attacker will steal. If an attacker understands a potential victim’s urgency, weaponizing this need can be abused through deceptive promises: Is the link, email or advertisement you clicked hiding something? My STS and technical research come together in pointing out the certainty in online migrations for assistance programs and one of the many necessary cyber-protections for this ongoing change.
BS (Bachelor of Science)
Cyber security, Web Security, Browser Security, XSS, DOMXSS, Chromium
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Yuan Tian
STS Advisor: Richard Jacques
All rights reserved (no additional license for public reuse)