The World Wide Web is rapidly improving as a platform for deploying sophisticated interactive applications, propelling a shift from traditional desktop-centric computing to Web-based computing. This shift has disrupted the traditional security landscape with new Web-borne threats and Web-related security problems. By utilizing attack vectors made possible by the modern Web, attackers break into the systems of Internet-connected users, steal their private data and compute resources, and expose them to unwanted software.;In this dissertation, we examine how the security landscape is changing with the emergence of Web-borne threats. We argue that these threats open several "gaps" in locating, analyzing, and defending against malicious code. Our contributions fill several of these gaps, including new infrastructure necessary to actively locate and analyze threats on the Web, behavioral techniques that can handle new security response times necessitated by the Web, and techniques for fortifying Web browsers to resist a new class of attacks that inflict damage within a browser's context. Overall, this work improves our understanding of the new threats that have emerged alongside the Web and demonstrates new techniques to better defend against Web-borne attacks.
展开▼
