Abstract
We use the Web Spoofing attack reported by Cohen and also the Secure Internet Programming Group at Princeton University to give a new method of achieving covert distributed computing with Java. We show how Java applets that perform a distributed computation can be inserted into vulnerable Web pages. This has the added feature that users can rejoin a computation at some later date through bookmarks made while the pages previously viewed were spoofed. Few signs of anything unusual can be observed. Users need not knowingly revisit a particular Web page to be victims.
We also propose a simple countermeasure against such a spoofing attack, which would be useful to help users detect the presence of Web Spoofing. Finally, we introduce the idea of browser users, as clients of Web-based services provided by third parties, “paying” for these services by running a distributed computation applet for a short period of time.
References
S. R. White. Covert Distributed Processing With Computer Viruses. In Advances in Cryptology — Crypto '89 Proceedings, pages 616–619, Springer-Verlag, 1990.
Sun Microsystems. The Java™ Language: An Overview. See http://java.sun.com/docs/overviews/java/java-overview-1.html [URL valid at 9 Feb. 1998].
Frederick B. Cohen. Internet holes: 50 ways to attack your web systems. Network Security, December 1995. See also http://all.net/journal/netsec/9512.html [URL valid at 20 Apr. 1998].
Frederick B. Cohen. A Note on Distributed Coordinated Attacks. Computers & Security, 15:103–121, 1996.
Edward W. Felten, Drew Dean and Dan S. Wallach. Java Security: From HotJava to Netscape and Beyond. In IEEE Symposium on Security and Privacy, 1996. See also http://www.cs.princeton.edu/sip/pub/secure96.html [URL valid at 9 Feb. 1998].
Drew Dean, Edward W. Felten, Dirk Balfanz and Dan S. Wallach. Web spoofing: An Internet Con Game. Technical report 540-96, Department of Computer Science, Princeton University, 1997. In 20th National Information Systems Security Conference (Baltimore, Maryland), October, 1997. See also http://www.cs.princeton.edu/sip/pub/spoofing.html [URL valid at 9 Feb. 1998].
Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes, and Antidotes. John Wiley & Sons, Inc., 1997.
M. D. LaDue. Hostile Applets on the Horizon. See http://www.rstcorp.com/hostile-applets/HostileArticle.html [URL valid at 12 Feb. 1998].
RFC 1945 “Hypertext Transfer Protocol — HTTP/1.0”. See http://www.w3.org/Protocols/rfc1945/rfc1945 [URL valid at 9 Feb. 1998].
RFC 2068 “Hypertext Transfer Protocol — HTTP/1.1”. See http://www.w3.org/Protocols/rfc2068/rfc2068 [URL valid at 9 Feb. 1998].
Sun Microsystems White Paper. Java Remote Method Invocation — Distributed Computing For Java. See http://www.javasoft.com/marketing/collateral/javarmi.html [URL valid at 9 Feb. 1998].
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Horton, J., Seberry, J. (1998). Covert distributed computing using Java through Web Spoofing. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053720
DOI: https://doi.org/10.1007/BFb0053720
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64732-4
Online ISBN: 978-3-540-69101-3
eBook Packages: Springer Book Archive