This paper proposes a number of techniques for detecting unauthorized changes to Web pages on their way from the server to the client. Pop-ups and other forms of advertising inserted into the pages served by providers of free Web hosting services are perhaps the best illustration of this problem. Unfortunately, as the authors found in their study, this practice is much more widespread than that. More than just being a minor annoyance, these changes may also introduce vulnerabilities into otherwise secure and safe Web pages.
Reis et al. address this problem by inserting JavaScript code into Web pages. This code works as a tripwire, alerting the end user and the server about unauthorized modifications to the protected Web page. The few approaches described in the paper differ in the type of modifications they can detect, but they all depend on a script executed inside the Web browser that compares the Web page being displayed with a known good digest or with a second copy that the script fetches from the server. Each proposed technique is then implemented and measured in terms of amount of network traffic, server throughput, and client latency. The benchmark results show that tripwires have negligible impact on server throughput, which is their major advantage over the computationally intensive hypertext transfer protocol over secure sockets layer (HTTPS). The authors discuss possible ways to circumvent the Web tripwires and how to defend against such attacks.
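The two comparisons described above (against a known good digest, and against a second copy fetched from the server) can be modelled in a few lines. This is an added illustration, not code from the paper or its authors; the function names, the sample pages and the `ads.example` host are constructed, and it runs under Node so that it works offline rather than inside a browser.

```javascript
// Added illustration of a Web tripwire check; all names and sample data are constructed.
const crypto = require('crypto');

// Hex SHA-256 of a page; the server would ship this value as the known good digest.
function digest(html) {
  return crypto.createHash('sha256').update(html, 'utf8').digest('hex');
}

// Digest variant: detects that the page changed, but not what changed.
function checkDigest(displayedHtml, knownGoodDigest) {
  return digest(displayedHtml) === knownGoodDigest;
}

// Second-copy variant: trim the common prefix and suffix to isolate the changed region.
// Boundaries can shift by a character when inserted text starts like the text after it.
function diffAgainstCopy(displayedHtml, referenceHtml) {
  if (displayedHtml === referenceHtml) return { modified: false };
  const max = Math.min(displayedHtml.length, referenceHtml.length);
  let start = 0;
  while (start < max && displayedHtml[start] === referenceHtml[start]) start++;
  let end = 0; // bounded so the suffix never overlaps the prefix
  while (end < max - start &&
         displayedHtml[displayedHtml.length - 1 - end] ===
         referenceHtml[referenceHtml.length - 1 - end]) end++;
  return {
    modified: true,
    offset: start,
    removed: referenceHtml.slice(start, referenceHtml.length - end),
    inserted: displayedHtml.slice(start, displayedHtml.length - end),
  };
}

// Constructed sample: the page as served, and the same page after an in-flight insertion.
const served = '<html><body><h1>News</h1><p>Story text.</p></body></html>';
const received = served.replace(
  '</body>', '<script src="//ads.example/a.js"></script></body>');

// Runs both checks; a real tripwire would send this report to the user and the server.
function runTripwire(displayedHtml) {
  const report = diffAgainstCopy(displayedHtml, served);
  report.digestOk = checkDigest(displayedHtml, digest(served));
  return report;
}

console.log(runTripwire(received));
```

The digest check only says that a change occurred, while the second-copy comparison yields the changed region at the cost of transferring the page twice, which is the kind of network traffic trade-off the paper measures.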
Given the importance of the Web as a way to access applications and information and to communicate with people and organizations, this paper is a must-read for developers of content management systems (CMSs). I would like to see the proposed techniques developed into plug-ins for some of the popular CMS frameworks, to make them easily accessible for the less technically oriented Web publishers.