Man-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning
Zhenkai Liang | Prateek Saxena | Jian Mao | Yue Chen | Xinshu Dong | Yaoqi Jia | Yueh-Ting Chen
[1] Björn Stierand, et al. Content Security Policy, 2016.
[2] Chris Palmer, et al. Public Key Pinning Extension for HTTP, 2015, RFC.
[3] Zhenkai Liang, et al. I Know Where You've Been: Geo-Inference Attacks via the Browser Cache, 2015, IEEE Internet Computing.
[4] Heng Yin, et al. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation, 2014, CCS.
[5] Srdjan Capkun, et al. On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications, 2014, USENIX Security Symposium.
[6] Tanja Lange, et al. On the Practical Exploitability of Dual EC in TLS Implementations, 2014, USENIX Security Symposium.
[7] Collin Jackson, et al. Analyzing Forged SSL Certificates in the Wild, 2014, 2014 IEEE Symposium on Security and Privacy.
[8] Alfredo Pironti, et al. Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, 2014, 2014 IEEE Symposium on Security and Privacy.
[9] Sunny Consolvo, et al. Experimenting at scale with google chrome's SSL warning, 2014, CHI.
[10] Phillip M. Hallam-Baker, et al. DNS Certification Authority Authorization (CAA) Resource Record, 2019, RFC.
[11] Matthew Smith, et al. Rethinking SSL development in an appified world, 2013, CCS.
[12] Adrienne Porter Felt, et al. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness, 2013, USENIX Security Symposium.
[13] Ben Stock, et al. Eradicating DNS Rebinding with the Extended Same-origin Policy, 2013, USENIX Security Symposium.
[14] Dirk Balfanz, et al. Transport Layer Security (TLS) Channel IDs, 2013.
[15] Jeff Hodges, et al. HTTP Strict Transport Security (HSTS), 2012, RFC.
[16] Bernd Freisleben, et al. Why eve and mallory love android: an analysis of android SSL (in)security, 2012, CCS.
[17] Patrick Traynor, et al. Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties, 2012, ESORICS.
[18] Helen J. Wang, et al. Clickjacking: Attacks and Defenses, 2012, USENIX Security Symposium.
[19] Dan S. Wallach, et al. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web, 2012, USENIX Security Symposium.
[20] Paul E. Hoffman, et al. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA, 2012, RFC.
[21] Jörg Schwenk, et al. UI Redressing Attacks on Android Devices, 2012.
[22] Lightweight Integrity Protection for Web Storage-driven Content Caching, 2012.
[23] Amit Klein. Web Cache Poisoning Attacks, 2011, Encyclopedia of Cryptography and Security.
[24] E. Chen, et al. Talking to Yourself for Fun and Profit, 2011.
[25] Franco Callegati, et al. Splitting the HTTPS Stream to Attack Secure Web Connections, 2010, IEEE Security & Privacy.
[26] Dan Boneh, et al. An Analysis of Private Browsing Modes in Modern Browsers, 2010, USENIX Security Symposium.
[27] Christopher Krügel, et al. A Practical Attack to De-anonymize Social Network Users, 2010, 2010 IEEE Symposium on Security and Privacy.
[28] Lorrie Faith Cranor, et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness, 2009, USENIX Security Symposium.
[29] Ming Zhang, et al. Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[30] Amir Herzberg. Why Johnny can't surf (safely)? Attacks and defenses for web users, 2009, Comput. Secur.
[31] Franco Callegati, et al. Man-in-the-Middle Attack to the HTTPS Protocol, 2009, IEEE Security & Privacy Magazine.
[32] Collin Jackson, et al. Forcehttps: protecting high-security web sites from network attacks, 2008, WWW.
[33] Dan Boneh, et al. Exposing private information by timing web applications, 2007, WWW '07.
[34] Dan Boneh, et al. Protecting browser state from web privacy attacks, 2006, WWW '06.
[35] Markus Jakobsson, et al. Invasive browser sniffing and countermeasures, 2006, WWW '06.
[36] Marti A. Hearst, et al. Why phishing works, 2006, CHI.
[37] Sean W. Smith, et al. Keyjacking: the surprising insecurity of client-side SSL, 2005, Comput. Secur.
[38] Aggelos Kiayias, et al. Advances in Cryptology - EUROCRYPT 2004, 2004.
[39] Edward W. Felten, et al. Timing attacks on Web privacy, 2000, CCS.
[40] Sarvar Patel, et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, 2000, EUROCRYPT.
[41] Roy T. Fielding, et al. Hypertext Transfer Protocol - HTTP/1.1, 1997, RFC.