search query: @supervisor Tarkoma, Sasu / total: 33
results-list
reference: 7 / 33
« previous | next »
Author:Rantala, Ville
Title:Trust Origin and Establishment with JavaScript Applications
Publication type:Master's thesis
Publication year:2009
Pages:69 s. + liitt.      Language:   eng
Department/School:Informaatio- ja luonnontieteiden tiedekunta
Main subject:Tietokoneverkot   (T-110)
Supervisor:Tarkoma, Sasu
Instructor:Jalkanen, Janne
Electronic version URL: http://urn.fi/URN:NBN:fi:aalto-201203071341
OEVS:
Electronic archive copy is available via Aalto Thesis Database.
Instructions
close

Reading digital theses in the closed network of the Aalto University Harald Herlin Learning Centre

In the closed network of Learning Centre you can read digital and digitized theses not available in the open network.

The Learning Centre contact details and opening hours: https://learningcentre.aalto.fi/en/harald-herlin-learning-centre/

You can read theses on the Learning Centre customer computers, which are available on all floors.

Logging on to the customer computers

  • Aalto University staff members log on to the customer computer using the Aalto username and password.
  • Other customers log on using a shared username and password.

Opening a thesis

  • On the desktop of the customer computers, you will find an icon titled:

    Aalto Thesis Database

  • Click on the icon to search for and open the thesis you are looking for from Aaltodoc database. You can find the thesis file by clicking the link on the OEV or OEVS field.

Reading the thesis

  • You can either print the thesis or read it on the customer computer screen.
  • You cannot save the thesis file on a flash drive or email it.
  • You cannot copy text or images from the file.
  • You cannot edit the file.

Printing the thesis

  • You can print the thesis for your personal study or research use.
  • Aalto University students and staff members may print black-and-white prints on the PrintingPoint devices when using the computer with personal Aalto username and password. Color printing is possible using the printer u90203-psc3, which is located near the customer service. Color printing is subject to a charge to Aalto University students and staff members.
  • Other customers can use the printer u90203-psc3. All printing is subject to a charge to non-University members.
Location:P1 Ark TKK  6634   | Archive
Keywords:JavaScript
Web
security
usability
JavaScript
Web
tietoturva
käytettävyys
Abstract (eng): Applications written with Web technologies are a growing trend.
Web technologies include the JavaScript programming language which has become popular due to its support in modern Web browsers.
Today JavaScript is also used to implement installable stand-alone applications in addition to Ajax-style programming.
An example of such stand-alone applications are widgets that conform to the W3C Widgets 1.0 specification.

Security is a key concern with these kind of applications because they often have an access to sensitive and valuable information through Web or platform interfaces.
One of the main challenges is to determine how to establish trust towards an application.
Applications can be benevolent or malicious, but the difference is hard to tell by an end-user.
Digital signatures and certificates have been used to help end-users in making a trust decision and to delegate trustworthiness evaluation to trusted parties.
These mechanisms have drawbacks that make application development, distribution and adoption more difficult.

In this thesis a new trust establishment mechanism is proposed that helps to deal with the drawbacks.
It is based on the Domain Name System and utilizes the originating domain of applications.
An implementation of the proposed mechanism is provided on top of the W3C Widgets 1.0 specification and the implementation is evaluated against design requirements.
The new mechanism is recognized to bring many benefits to the different parties of the widget ecosystem.
Abstract (fin): Web-teknologioiden avulla toteutetut sovellukset ovat kasvava trendi.
Yksi merkittävä teknologia on JavaScript-ohjelmointikieli, jonka suosio on kasvanut Web-selainten myötä.
Nykyään Ajax-tyylisen ohjelmoinnin lisäksi JavaScript-kielellä tehdään myös itsenäisiä asennettavia sovelluksia.
Yksi esimerkki asennettavista sovelluksista on JavaScript-sovellukset, jotka toteuttavat W3C Widgets 1.0 -spesifikaation.

Tietoturva on tärkeässä osassa mainittujen sovelluksien tulevaisuuden kannalta.
Usein sovelluksilla on pääsy arvokkaaseen ja arkaluonteiseen tietoon joko Web- tai ajoalustarajapintojen kautta.
On tärkeää pystyä selvittävään, kuinka luottamus sovelluksia kohtaan syntyy ja mihin se voidaan perustaa.
Sovellukset voivat olla toteutettuja haitallisiin tarkoituksiin, mutta loppukäyttäjän voi olla vaikea erottaa niitä vaarattomista sovelluksista.
Digitaalisia allekirjoituksia ja varmenteita on käytetty todentamaan sovellusten alkuperä ja täten auttamaan käyttäjiä tekemään valintoja tai valtuuttamaan luotettu taho arvioimaan sovellusten luotettavuutta.
Niiden käyttäminen tuo haittapuolia, jotka vaikeuttavat sovellusten kehittämistä, jakelua ja käyttöönottoa.

Tässä diplomityössä suunnitellaan, toteutetaan ja arvioidaan vaihtoehtoinen tapa perustaa luottamus.
Ehdotettu menetelmä perustuu Internetin Domain Name System -nimipalvelujärjestelmään.
Siinä luottamus perustetaan sovelluksen alkuperään verkkotunnuksen perusteella.
Ehdotettu menetelmä on toteutettu laajennuksena W3C Widgets 1.0 -spesifikaatioon ja sen todetaan tuovan etuja monen sovellusten ekosysteemiin kuuluvien tahojen kannalta.
ED:2009-10-27
INSSI record number: 38516
+ add basket
« previous | next »
INSSI