Supporting Safe Content-Inspection of Web Traffic
Citation:
Partha Pal, Michael Atighetchi,
Supporting Safe Content-Inspection of Web Traffic,
CrossTalk September 2008, pages 19-2.
Formats:
pdf
Abstract
Interception of software interaction for the purpose of introducing
additional functionality or alternative behavior is a well-known
software engineering technique that has been used successfully for
various reasons including security. Software wrappers, firewalls, and
a number of middleware constructs all depend on interception to
achieve their respective security, fault tolerance, interoperability
or load balancing objectives. Web proxies, as used by organizations
to monitor and secure web traffic into and out of their internal
networks provide another important example.
As more and more interactions (including personal, financial, and
social) become web based, we make a number of observations. First, as
technology advances and public awareness of Internet security
increases, an increasing portion of web traffic is likely to be
carried by HTTPS. Second, while that will provide a level of
end-to-end security, it will present a new challenge for the functions
and services that rely on inspecting the content of web traffic. Some
of these services and functions will concern security, such as
auditing and access control. The challenge comes from two directions--
first, the standard web proxies of today pass the HTTPS traffic
through, and second, web proxies are somewhat global (aggregating a
bunch of users or applications) and agnostic to personalization to
individual user's or application's context and requirement. We
developed a personal proxy, that is capable to handle both HTTP and
HTTPS traffic, and demonstrated its use in tackling the threat of
Phishing attacks. We claim that the personal proxy will be a useful
tool for implementing functions and services that require inspection
of web traffic content.
