Difference between revisions of "Resource Integrity"
From MgmtWiki
(→Solutions) |
(→Context) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
==Context== | ==Context== | ||
* Where a digital device is dependent on the received resource being an exact duplicate of that produced by a trusted party, some sort of authentication code is suppled. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration. | * Where a digital device is dependent on the received resource being an exact duplicate of that produced by a trusted party, some sort of authentication code is suppled. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration. | ||
| − | * This is also known | + | * This is also known as tamper evident protection. |
| + | |||
==Problems== | ==Problems== | ||
==Solutions== | ==Solutions== | ||
| Line 10: | Line 11: | ||
===Code Signing=== | ===Code Signing=== | ||
| − | === | + | ===Subresource Integrity=== |
| − | * SRI for the browser is | + | * [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity SRI for the browser] is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. Using Content Delivery Networks (CDNs) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance and conserve bandwidth. However, using CDNs also comes with a risk, in that if an attacker gains control of a CDN, the attacker can inject arbitrary malicious content into files on the CDN (or replace the files completely) and thus can also potentially attack all sites that fetch files from that CDN. |
==References== | ==References== | ||
[[Category: Glossary]] | [[Category: Glossary]] | ||
Latest revision as of 22:10, 2 May 2022
Contents
Full Title or Meme
The ability of the receiver to determine that a received resource has not be tampered with before it is used.
Context
- Where a digital device is dependent on the received resource being an exact duplicate of that produced by a trusted party, some sort of authentication code is suppled. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration.
- This is also known as tamper evident protection.
Problems
Solutions
Code Signing
Subresource Integrity
- SRI for the browser is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. Using Content Delivery Networks (CDNs) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance and conserve bandwidth. However, using CDNs also comes with a risk, in that if an attacker gains control of a CDN, the attacker can inject arbitrary malicious content into files on the CDN (or replace the files completely) and thus can also potentially attack all sites that fetch files from that CDN.
