Embedded management interfaces emerging massive insecurity

PREFACE

The secure embedded management interface project is being conducted at the Stanford Security Lab. Its objective is to assess the state of the art of embedded management interfaces and develop more secure solutions. This white paper summarizes the result of the first part of our project: the assessment of the security of current embedded management interfaces. Its results will be used in the second part of the project as a foundation to build more secure management interfaces. projects in the group focus on various aspects of network and computer security.
