TY - GEN
T1 - Cross-domain vulnerabilities over social networks
AU - Bernard, Catherine
AU - Debar, Herve
AU - Benayoune, Salim
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Recent years have seen a tremendous growth of social networks such as Facebook and Twitter. At the same time, the share of video traffic in the Internet has also significantly increased, and the two functions are getting closer to one another. YouTube, the most famous video sharing site, allows people to comment on videos with other people while Facebook and Twitter are important vectors into sharing videos. Both video channels and social networks are increasingly vulnerable attack targets. For example, social networks are also considerable spam and phishing vectors, and Adobe Flash as the premier video streaming application is associated with numerous software vulnerabilities. This is a good way for attackers to compromise sites with embedded Flash objects. In this paper, we present the technical background of the cross-domain mechanisms and the security implications. Several recent studies have demonstrated the weakness of the cross-domain policy, leading to session hijacking or the leakage of sensitive information. Current solutions to detect these vulnerabilities use a client-side approach. The purpose of our work is to present a new approach based on network flows analysis to detect malicious behavior.
AB - Recent years have seen a tremendous growth of social networks such as Facebook and Twitter. At the same time, the share of video traffic in the Internet has also significantly increased, and the two functions are getting closer to one another. YouTube, the most famous video sharing site, allows people to comment on videos with other people while Facebook and Twitter are important vectors into sharing videos. Both video channels and social networks are increasingly vulnerable attack targets. For example, social networks are also considerable spam and phishing vectors, and Adobe Flash as the premier video streaming application is associated with numerous software vulnerabilities. This is a good way for attackers to compromise sites with embedded Flash objects. In this paper, we present the technical background of the cross-domain mechanisms and the security implications. Several recent studies have demonstrated the weakness of the cross-domain policy, leading to session hijacking or the leakage of sensitive information. Current solutions to detect these vulnerabilities use a client-side approach. The purpose of our work is to present a new approach based on network flows analysis to detect malicious behavior.
KW - Cross-domain attack
KW - Flash security
KW - Social Network security
KW - YouTube
U2 - 10.1109/CASoN.2012.6412370
DO - 10.1109/CASoN.2012.6412370
M3 - Conference contribution
AN - SCOPUS:84874086750
SN - 9781467347921
T3 - Proceedings of the 2012 4th International Conference on Computational Aspects of Social Networks, CASoN 2012
SP - 8
EP - 13
BT - Proceedings of the 2012 4th International Conference on Computational Aspects of Social Networks, CASoN 2012
T2 - 2012 4th International Conference on Computational Aspects of Social Networks, CASoN 2012
Y2 - 21 November 2012 through 23 November 2012
ER -