A NOVEL FRAMEWORK TO ALLEVIATE DISSEMINATION OF XSS WORMS IN ONLINE SOCIAL NETWORK (OSN) USING VIEW SEGREGATION

摘要

In this paper, we propose a client-server based framework that alleviates the dissemination of XSS worms from the OSN. The framework initially creates the views corresponding to retrieved request on the server-side. Such views indicate that which part of the generated web page on the server can be accessed by user depending on the generated Access Control List (ACL). Secondly, JavaScript attack vectors are retrieved from the HTTP response by referring the blacklist repository of attack vectors. Finally, injection of sanitization primitives will be done on the client-side in place of extracted JavaScript attack vectors. The framework will perform the sanitization on such attack vectors strictly in a context-aware manner. The experimental testing of our framework has performed on the two platforms of open source OSN-based web applications. The observed detection rate of JavaScript attack vectors was effective and acceptable as compared to other existing XSS defensive methodologies. The proposed framework has optimized the method of auto-context-aware sanitization in contrast to other existing approaches and hence incurs a low and acceptable performance overhead.