Web browsers as operating systems: supporting robust and secure web programs
[1] Richard Sharp, et al. Abstracting application-level web security, 2002, WWW.
[2] Randall B. Smith, et al. Self: The power of simplicity, 1987, OOPSLA 1987.
[3] Alain J. Mayer, et al. Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies, 1998, USENIX Security Symposium.
[4] Dan S. Wallach, et al. Extensible security architectures for Java, 1997, SOSP.
[5] Tal Garfinkel, et al. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, 2003, NDSS.
[6] Úlfar Erlingsson, et al. SASI enforcement of security policies: a retrospective, 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[7] Ajay Chander, et al. JavaScript instrumentation for browser security, 2007, POPL '07.
[8] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[9] Wilson C. Hsieh, et al. Processes in KaffeOS: isolation, resource management, and sharing in Java, 2000, OSDI.
[10] Niels Provos, et al. All Your iFRAMEs Point to Us, 2008, USENIX Security Symposium.
[11] David E. Evans, et al. Flexible policy-directed code safety, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).
[12] Helen J. Wang, et al. The Multi-Principal OS Construction of the Gazelle Web Browser, 2009, USENIX Security Symposium.
[13] Dawn Xiaodong Song, et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[14] William A. Arbaugh, et al. IEEE 52 Computer, 1985.
[15] Jerome H. Saltzer, et al. The protection of information in computer systems, 1975, Proc. IEEE.
[16] Marti A. Hearst, et al. Why phishing works, 2006, CHI.
[17] Sophie Engle, et al. AN INTRODUCTION TO ARP SPOOFING, 2001.
[18] Charles Reis, et al. Isolating web programs in modern browser architectures, 2009, EuroSys '09.
[19] Norman Hardy, et al. The Confused Deputy: (or why capabilities might have been invented), 1988, OPSR.
[20] Helen J. Wang, et al. Shield: vulnerability-driven network filters for preventing known vulnerability exploits, 2004, SIGCOMM 2004.
[21] Robert Wahbe, et al. Efficient software-based fault isolation, 1994, SOSP '93.
[22] Helen J. Wang, et al. Live Monitoring: Using Adaptive Instrumentation and Analysis to Debug and Maintain Web Applications, 2007, HotOS.
[23] Jerri L. Ledford, et al. Google Analytics, 2006.
[24] Roy T. Fielding, et al. The Apache HTTP Server Project, 1997, IEEE Internet Comput.
[25] Helen J. Wang, et al. Subspace: secure cross-domain communication for web mashups, 2007, WWW '07.
[26] John K. Ousterhout, et al. The Safe-Tcl Security Model, 1998, USENIX Annual Technical Conference.
[27] Tal Garfinkel, et al. Ostia: A Delegating Architecture for Secure System Call Interposition, 2004, NDSS.
[28] Tadayoshi Kohno, et al. Detecting In-Flight Page Changes with Web Tripwires, 2008, NSDI.
[29] Christopher Krügel, et al. Preventing Cross Site Request Forgery Attacks, 2006, 2006 Securecomm and Workshops.
[30] Brian N. Bershad, et al. Improving the reliability of commodity operating systems, 2005, TOCS.
[31] Nathaniel S. Borenstein, et al. EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail, 1994, ULPAA.
[32] Martín Abadi, et al. XFI: software guards for system address spaces, 2006, OSDI '06.
[33] Sotiris Ioannidis, et al. Building a Secure Web Browser, 2001, USENIX Annual Technical Conference, FREENIX Track.
[34] Helen J. Wang, et al. BrowserShield: vulnerability-driven filtering of dynamic HTML, 2006, OSDI '06.
[35] Butler W. Lampson, et al. A note on the confinement problem, 1973, CACM.
[36] Mike Hibler, et al. An integrated experimental environment for distributed systems and networks, 2002, OSDI '02.
[37] Jerome H. Saltzer, et al. Protection of information in computer systems, 1975, IEEE CSIT Newsletter.
[38] Youki Kadobayashi, et al. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.
[39] Eric A. Brewer, et al. Reducing WWW Latency and Bandwidth Requirements by Real-Time Distillation, 1996, Comput. Networks.
[40] Xuxian Jiang, et al. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities, 2006, NDSS.
[41] Dan Boneh, et al. Protecting browser state from web privacy attacks, 2006, WWW '06.
[42] Sean W. Smith, et al. Trusted paths for browsers, 2002, TSEC.
[43] Helen J. Wang, et al. MashupOS: Operating System Abstractions for Client Mashups, 2007, HotOS.
[44] Charles Reis, et al. Architectural Principles for Safe Web Programs, 2007, HotNets.
[45] J. Doug Tygar, et al. The battle against phishing: Dynamic Security Skins, 2005, SOUPS '05.
[46] Spyros Antonatos, et al. Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure, 2008, TSEC.
[47] Jesse James Garrett. Ajax: A New Approach to Web Applications, 2007.
[48] Shih-Kun Huang, et al. Web application security assessment by fault injection and behavior monitoring, 2003, WWW '03.
[49] F. Piessens, et al. Requestrodeo: Client Side Protection against Session Riding, 2006.
[50] Steven D. Gribble, et al. A Crawler-based Study of Spyware in the Web, 2006, NDSS.
[51] Robert A. Martin, et al. Vulnerability Type Distributions in CVE, 2007.
[52] Benjamin Livshits, et al. AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications, 2010, ACM Trans. Web.
[53] Crispin Cowan, et al. Timing the Application of Security Patches for Optimal Uptime, 2002, LISA.
[54] James P Anderson, et al. Computer Security Technology Planning Study, 1972.
[55] Michael Hicks, et al. Defeating script injection attacks with browser-enforced embedded policies, 2007, WWW '07.
[56] B. Bershad, et al. Using Processes to Improve the Reliability of Browser-based Applications, 2007.
[57] Charles Babcock. Yahoo Mail Worm May Be First Of Many As Ajax Proliferates, 2006.
[58] David A. Wagner, et al. A Secure Environment for Untrusted Helper Applications, 1996, USENIX Security Symposium.
[59] E. Felten, et al. Cross-Site Request Forgeries: Exploitation and Prevention, 2008.
[60] Emin Gün Sirer, et al. Design and implementation of a distributed virtual machine for networked computers, 2000, OPSR.
[61] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[62] Neha Narula, et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code, 2009, IEEE Symposium on Security and Privacy.
[63] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[64] Úlfar Erlingsson, et al. IRM enforcement of Java stack inspection, 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.
[65] Steven D. Gribble, et al. A safety-oriented platform for Web applications, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[66] Edward W. Felten, et al. Timing attacks on Web privacy, 2000, CCS.
[67] Alec Wolman, et al. The structure and performance of interpreters, 1996, ASPLOS VII.
[68] Amir Herzberg, et al. TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks, 2004.
[69] Christopher Krügel, et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, 2007, NDSS.
[70] Dan Boneh, et al. Protecting browsers from DNS rebinding attacks, 2009, ACM Trans. Web.
[71] Peter Szor, et al. HUNTING FOR METAMORPHIC, 2001.
[72] Samuel T. King, et al. Secure Web Browsing with the OP Web Browser, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).