Web Security (cont.)
web-specific attacks
- cross-site scripting attacks (in the general category of injection attacks)
- sql injections: form to fill out where the system expects a constant, and instead of a constant, you put in sql code. SQL will take that & accidentally do things that shouldn't be done.
- ex: if some evil person writes JS in your blog's comments, your site could run the JS, and anyone who clicks on it would be infected because it would also run it.
SYBIL attacks
- multiple identity disorder
- ex: sock puppet attack
- you create fake accounts that say what you want to say (ex: fake reviews)
- solution: CAPTCHA (Completely Automated Public Turing Test to tell Computers & Humans Apart): when you type in letters from an image that proves you're a human
Authorization - granting privileges to authorized policies. A policy is a specification of rules "Jag's allowed to see this table." A mechanism is an implementation of a policy. Encryption is a mechanism. Security is a policy.
Database Privacy
- standard attempt at stopping things from leaking out is ANONYMIZATION.
- ex: username replaced with unique identifier
- ex: zip, gender, DOB can identify 87% of people
- if you're going to release data, how? THIS IS UNSOLVABLE.
K-anonymmity! create ranges for each column of data, so that you can't identify specific people, but you can analyze chunks of data / trends. you need to do it for all columns though. computationally expensive
- vulnerability 1: homogeneity: data isn't that informative now, because you can't correlate all fields with the disease you have.
- also, if all people of age 24 in a zip code have cancer, then i can see it and know you have cancer.
- vulnerability 2: background info attack: if you have other info (ie you are a friend of a person), you can identify better
Differential Privacy - assumption: ask each question only once. if you're allowed to ask multiple times, you can essentially rebuild the distribution.