"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing
暂无分享,去创建一个
[1] Martín Abadi,et al. A Theory of Secure Control Flow , 2005, ICFEM.
[2] Vikram S. Adve,et al. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels , 2014, 2014 IEEE Symposium on Security and Privacy.
[3] Martín Abadi,et al. Control-flow integrity , 2005, CCS '05.
[4] Ankur Taly,et al. Object Capabilities and Isolation of Untrusted Web Applications , 2010, 2010 IEEE Symposium on Security and Privacy.
[5] Bennet S. Yee,et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[6] M. Andreessen. MCSA Mosaic Technical Summary , 1993 .
[7] Zhenkai Liang,et al. Web-to-Application Injection Attacks on Android: Characterization and Detection , 2015, ESORICS.
[8] William R. Harris,et al. Enforcing Kernel Security Invariants with Data Flow Integrity. , 2016, NDSS 2016.
[9] Xi Wang,et al. Improving application security with data flow assertions , 2009, SOSP '09.
[10] J. Gregory Morrisett,et al. Combining control-flow integrity and static analysis for efficient and validated data sandboxing , 2011, CCS '11.
[11] Jun Xu,et al. Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.
[12] James Cheney,et al. Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.
[13] Dongyan Xu,et al. Polymorphing Software by Randomizing Data Structure Layout , 2009, DIMVA.
[14] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.
[15] Zhenkai Liang,et al. Automatic Generation of Data-Oriented Exploits , 2015, USENIX Security Symposium.
[16] Zhenkai Liang,et al. A Quantitative Evaluation of Privilege Separation in Web Browser Designs , 2013, ESORICS.
[17] Dawn Xiaodong Song,et al. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense , 2009, USENIX Security Symposium.
[18] Sebastian Lekies,et al. On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes , 2012, WOOT.
[19] Samuel T. King,et al. Trust and Protection in the Illinois Browser Operating System , 2010, OSDI.
[20] Úlfar Erlingsson,et al. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM , 2014, USENIX Security Symposium.
[21] Milo M. K. Martin,et al. CETS: compiler enforced temporal safety for C , 2010, ISMM '10.
[22] Milo M. K. Martin,et al. SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.
[23] Samuel T. King,et al. Secure Web Browsing with the OP Web Browser , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[24] Bennet S. Yee,et al. Adapting Software Fault Isolation to Contemporary CPU Architectures , 2010, USENIX Security Symposium.
[25] George C. Necula,et al. CCured: type-safe retrofitting of legacy code , 2002, POPL '02.
[26] Adam Barth,et al. The Security Architecture of the Chromium Browser , 2009 .
[27] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.
[28] Ahmad-Reza Sadeghi,et al. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization , 2013, 2013 IEEE Symposium on Security and Privacy.
[29] Mingwei Zhang,et al. Control Flow Integrity for COTS Binaries , 2013, USENIX Security Symposium.
[30] Dan Boneh,et al. CCFI: Cryptographically Enforced Control Flow Integrity , 2015, CCS.
[31] Abhinav Srivastava,et al. Robust signatures for kernel data structures , 2009, CCS.
[32] Peng Liu,et al. A Practical Approach for Adaptive Data Structure Layout Randomization , 2015, ESORICS.
[33] Zhenkai Liang,et al. Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks , 2016, 2016 IEEE Symposium on Security and Privacy (SP).
[34] Miguel Castro,et al. Securing software by enforcing data-flow integrity , 2006, OSDI '06.
[35] Steven McCanne,et al. The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.
[36] Martín Abadi,et al. XFI: software guards for system address spaces , 2006, OSDI '06.
[37] Chao Zhang,et al. Practical Control Flow Integrity and Randomization for Binary Executables , 2013, 2013 IEEE Symposium on Security and Privacy.
[38] Samuel T. King,et al. Designing and Implementing the OP and OP2 Web Browsers , 2011, TWEB.
[39] Dawn Xiaodong Song,et al. Privilege Separation in HTML5 Applications , 2012, USENIX Security Symposium.
[40] Helen J. Wang,et al. The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.