On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
[1] Adrian Perrig, et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing, 2008, USENIX Annual Technical Conference.
[2] Dan S. Wallach, et al. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web, 2012, USENIX Security Symposium.
[3] Dirk Fox, et al. Cross Site Scripting (XSS), 2012, Datenschutz und Datensicherheit - DuD.
[4] Alexei Czeskis, et al. Protected Login, 2012, Financial Cryptography Workshops.
[5] Roy T. Fielding, et al. Hypertext Transfer Protocol - HTTP/1.1, 1997, RFC.
[6] Paul E. Hoffman, et al. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA, 2012, RFC.
[7] David A. Wagner, et al. Dynamic pharming attacks and locked same-origin policies for web browsers, 2007, CCS '07.
[8] Sid Stamm, et al. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, 2010.
[9] Rolf Oppliger, et al. SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle, 2006, Comput. Commun.
[10] Dan S. Wallach, et al. Hardening Persona - Improving Federated Web Login, 2014, NDSS.
[11] Wouter Joosen, et al. You are what you include: large-scale evaluation of remote javascript inclusions, 2012, CCS.
[12] Chris Palmer, et al. Public Key Pinning Extension for HTTP, 2015, RFC.
[13] Arnis Parsovs. Practical Issues with TLS Client Certificate Authentication, 2014, NDSS.
[14] Arnar Birgisson, et al. Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud, 2014, NDSS.
[15] Dirk Balfanz, et al. Transport Layer Security (TLS) Channel IDs, 2013.
[16] Alfredo Pironti, et al. Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, 2014, 2014 IEEE Symposium on Security and Privacy.
[17] Sid Stamm, et al. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper), 2011, Financial Cryptography.
[18] Jeremy Clark, et al. 2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, 2022.
[19] Tim Dierks, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008.
[20] Collin Jackson, et al. Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure, 2013, WWW.
[21] Rolf Oppliger, et al. SSL/TLS session-aware user authentication revisited, 2008, Comput. Secur.
[22] Dan S. Wallach, et al. Strengthening user authentication through opportunistic cryptographic identity assertions, 2012, CCS.
[23] Lorrie Faith Cranor, et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness, 2009, USENIX Security Symposium.
[24] Sebastian Mödersheim, et al. Formalizing and Analyzing Sender Invariance, 2006, Formal Aspects in Security and Trust.
[25] S. Hadjiefthymiades, et al. Hypertext Transfer Protocol (HTTP), 1996.
[26] C. Jackson, et al. Beware of Finer-Grained Origins, 2008.