Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Zhenkai Liang | Prateek Saxena | Shruti Tople | Xinshu Dong | Zhaofeng Chen | Hossein Siadati
[1] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[2] P. S. Tasker,et al. DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .
[3] John M. Boone,et al. INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .
[4] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.
[5] Dan Boneh,et al. Architectural support for copy and tamper resistant software , 2000, SIGP.
[6] Martin P. Clark. Appendix 4: Internet Engineering Task Force (IETF) Request for Comment (RFC) Listing , 2003 .
[7] Dan Boneh,et al. Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .
[8] David Brumley,et al. Privtrans: Automatically Partitioning Programs for Privilege Separation , 2004, USENIX Security Symposium.
[9] Sean W. Smith,et al. Trusted paths for browsers , 2002, TSEC.
[10] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.
[11] Steven D. Gribble,et al. A safety-oriented platform for Web applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[12] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[13] Prateek Saxena. Static Binary Analysis and Transformation for Sandboxing Untrusted Plugins , 2007 .
[14] Lorrie Faith Cranor,et al. Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.
[15] Niels Provos,et al. A framework for detection and measurement of phishing attacks , 2007, WORM '07.
[16] Cong Nie. Dynamic Root of Trust in Trusted Computing , 2007 .
[17] Desney S. Tan,et al. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks , 2007, Financial Cryptography.
[18] Mark Handley,et al. Wedge: Splitting Applications into Reduced-Privilege Compartments , 2008, NSDI.
[19] Adrian Perrig,et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.
[20] P. Saxena,et al. A Practical Technique for Containment of Untrusted Plug-ins , 2008 .
[21] R. Sekar,et al. Efficient fine-grained binary instrumentation with applications to taint-tracking , 2008, CGO '08.
[22] Zhenkai Liang,et al. BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.
[23] R. Sekar,et al. On the Limits of Information Flow Techniques for Malware Analysis and Containment , 2008, DIMVA.
[24] Hao Chen,et al. OMash: enabling secure web mashups via object abstractions , 2008, CCS.
[25] Haining Wang,et al. Anti-Phishing in Offense and Defense , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).
[26] Stephen McCamant,et al. Loop-extended symbolic execution on binary programs , 2009, ISSTA.
[27] Michael K. Reiter,et al. Safe Passage for Passwords and Other Sensitive Data , 2009, NDSS.
[28] Is it too late for PAKE? , 2009 .
[29] Adam Barth,et al. The Security Architecture of the Chromium Browser , 2009 .
[30] Helen J. Wang,et al. The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.
[31] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.
[32] Markus Dürmuth,et al. A Provably Secure and Efficient Countermeasure against Timing Attacks , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.
[33] Kevin Borders,et al. Protecting Confidential Data on Personal Computers with Storage Capsules , 2009, USENIX Security Symposium.
[34] P. Saxena,et al. The Emperor's New APIs: On the (In)Secure Usage of New Client-side Primitives , 2010 .
[35] Steve Hanna,et al. A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.
[36] Samuel T. King,et al. Trust and Protection in the Illinois Browser Operating System , 2010, OSDI.
[37] Steve Hanna,et al. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications , 2010, NDSS.
[38] Christopher Krügel,et al. A solution for the automated detection of clickjacking attacks , 2010, ASIACCS '10.
[39] Trent Jaeger,et al. An architecture for enforcing end-to-end access control over web applications , 2010, SACMAT '10.
[40] Wenliang Du,et al. ESCUDO: A Fine-Grained Protection Model for Web Browsers , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.
[41] Rui Wang,et al. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.
[42] Adam Barth,et al. Protecting Browsers from Extension Vulnerabilities , 2010, NDSS.
[43] Benjamin Livshits,et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.
[44] V. N. Venkatakrishnan,et al. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements , 2010, USENIX Security Symposium.
[45] Yuchen Zhou,et al. Protecting Private Web Content from Embedded Scripts , 2011, ESORICS.
[46] Alan O. Freier,et al. Internet Engineering Task Force (IETF) The Secure Sockets Layer (SSL) Protocol Version 3.0 , 2022 .
[47] Zhenkai Liang,et al. AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements , 2011, ACSAC '11.
[48] Eric Yawei Chen,et al. App isolation: get the security of multiple browsers with just one , 2011, CCS '11.
[49] Samuel T. King,et al. Designing and Implementing the OP and OP2 Web Browsers , 2011, TWEB.
[50] Wenliang Du,et al. Contego: Capability-Based Access Control for Web Browsers - (Short Paper) , 2011, TRUST.
[51] Dawn Xiaodong Song,et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks , 2011, ESORICS.
[52] Elaine Shi,et al. Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection , 2011, HotOS.
[53] Zhenkai Liang,et al. Towards Fine-Grained Access Control in JavaScript Contexts , 2011, 2011 31st International Conference on Distributed Computing Systems.
[54] Michael K. Reiter,et al. Usability Testing a Malware-Resistant Input Mechanism , 2011, NDSS.
[55] Helen J. Wang,et al. Clickjacking: Attacks and Defenses , 2012, USENIX Security Symposium.
[56] Yang Tang,et al. CleanOS: Limiting Mobile Data Exposure with Idle Eviction , 2012, OSDI.
[57] Krishna P. Gummadi,et al. Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services , 2012, USENIX Security Symposium.
[58] Dawn Xiaodong Song,et al. Privilege Separation in HTML5 Applications , 2012, USENIX Security Symposium.
[59] David A. Wagner,et al. An Evaluation of the Google Chrome Extension Security Architecture , 2012, USENIX Security Symposium.
[60] E. Chen,et al. Self-Exfiltration: The Dangers of Browser-Enforced Information Flow Control , 2012 .
[61] Frank Stajano,et al. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.
[62] Xuhua Ding,et al. Virtualization Based Password Protection against Malware in Untrusted Operating Systems , 2012, TRUST.
[63] Ruby B. Lee,et al. A software-hardware architecture for self-protecting data , 2012, CCS.
[64] Dan Boneh,et al. Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks , 2012, USENIX Security Symposium.
[65] Helen J. Wang,et al. User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems , 2012, 2012 IEEE Symposium on Security and Privacy.
[66] James Newsome,et al. Building Verifiable Trusted Path on Commodity x86 Computers , 2012, 2012 IEEE Symposium on Security and Privacy.
[67] Zhenkai Liang,et al. A Quantitative Evaluation of Privilege Separation in Web Browser Designs , 2013, ESORICS.