On the Insecurity of Microsoft's Identity Metasystem

[1] Thomas Groß, et al. Security analysis of the SAML single sign-on browser/artifact profile, 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings.

[2] Desney S. Tan, et al. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks, 2007, Financial Cryptography.

[3] Bogdan Warinschi, et al. A computational analysis of the Needham-Schroeder-(Lowe) protocol, 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings.

[4] Christopher Allen, et al. The TLS Protocol Version 1.0, 1999, RFC.

[5] David Chaum, et al. Undeniable Signatures, 1989, CRYPTO.

[6] Dan Boneh, et al. Protecting browsers from DNS rebinding attacks, 2007, CCS '07.

[7] Amir Herzberg, et al. Why Johnny can't surf (safely)? Attacks and defenses for web users, 2009, Comput. Secur.

[8] David A. Wagner, et al. Dynamic pharming attacks and locked same-origin policies for web browsers, 2007, CCS '07.

[9] Rolf Oppliger, et al. SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle, 2006, Comput. Commun.

[10] Colin Boyd, et al. Protocols for Authentication and Key Establishment, 2003, Information Security and Cryptography.

[11] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.

[12] Rolf Oppliger, et al. SSL/TLS Session-Aware User Authentication, 2008, Computer.

[13] Marti A. Hearst, et al. Why phishing works, 2006, CHI.

[14] Aviel D. Rubin, et al. Risks of the Passport single signon protocol, 2000, Comput. Networks.

[15] Andrew D. Gordon, et al. Verified implementations of the information card federated identity-management protocol, 2008, ASIACCS '08.

[16] Birgit Pfitzmann, et al. Analysis of Liberty Single-Sign-on with Enabled Clients, 2003, IEEE Internet Comput.

[17] Markus Jakobsson, et al. Drive-By Pharming, 2007, ICICS.

[18] Stuart E. Schechter, et al. The Emperor's New Security Indicators, 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).