Network-based Origin Confusion Attacks against HTTPS Virtual Hosting
[1] Chris Palmer, et al. Certificate Pinning Extension for HSTS, 2011.
[2] Jörg Schwenk, et al. SoK: Lessons Learned from SSL/TLS Attacks, 2013, WISA.
[3] Bodo Möller, et al. TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks, 2015, RFC.
[4] Dawn Xiaodong Song, et al. Towards a Formal Foundation of Web Security, 2010, 2010 23rd IEEE Computer Security Foundations Symposium.
[5] Alfredo Pironti, et al. An implementation of TLS 1.2 with verified cryptographic security, 2013, POST 2013.
[6] Ralf Sasse, et al. ARPKI: Attack Resilient Public-Key Infrastructure, 2014, CCS.
[7] Vitaly Shmatikov, et al. The most dangerous code in the world: validating SSL certificates in non-browser software, 2012, CCS.
[8] Sunil Kumar, et al. Formal Verification of OAuth 2.0 Using Alloy Framework, 2011, 2011 International Conference on Communication Systems and Network Technologies.
[9] Collin Jackson, et al. Robust defenses for cross-site request forgery, 2008, CCS.
[10] Arnis Parsovs. Practical Issues with TLS Client Certificate Authentication, 2014, NDSS.
[11] Alfredo Pironti, et al. Implementing TLS with Verified Cryptographic Security, 2013, 2013 IEEE Symposium on Security and Privacy.
[12] Srdjan Capkun, et al. On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications, 2014, USENIX Security Symposium.
[13] Sid Stamm, et al. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper), 2011, Financial Cryptography.
[14] Vitaly Shmatikov, et al. The Hitchhiker's Guide to DNS Cache Poisoning, 2010, SecureComm.
[15] Tim Dierks, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008.
[16] D. Recordon, et al. The OAuth 2.0 Authorization Protocol: Bearer Tokens draft-ietf-oauth-v2-bearer-10, 2012.
[17] Sid Stamm, et al. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, 2010.
[18] XiaoFeng Wang, et al. Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012, 2012 IEEE Symposium on Security and Privacy.
[19] Sid Stamm, et al. Reining in the web with content security policy, 2010, WWW '10.
[20] Ralf Küsters, et al. An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System, 2014, 2014 IEEE Symposium on Security and Privacy.
[21] Jeff Hodges, et al. HTTP Strict Transport Security (HSTS), 2012, RFC.
[22] Eric Rescorla, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008, RFC.
[23] Dan Boneh, et al. Protecting browsers from dns rebinding attacks, 2007, CCS '07.
[24] Tim Wright, et al. Transport Layer Security (TLS) Extensions, 2003, RFC.
[25] Susan Landau, et al. Highlights from Making Sense of Snowden, Part II: What's Significant in the NSA Revelations, 2014, IEEE Security & Privacy.
[26] David A. Wagner, et al. Dynamic pharming attacks and locked same-origin policies for web browsers, 2007, CCS '07.
[27] Arno Fiedler, et al. Certificate transparency, 2014, Commun. ACM.
[28] A. Bortz. Origin Cookies: Session Integrity for Web Applications, 2011.
[29] Yinglian Xie, et al. Web PKI: Closing the Gap between Guidelines and Practices, 2014, NDSS.
[30] Alfredo Pironti, et al. Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, 2014, 2014 IEEE Symposium on Security and Privacy.
[31] Martin Thomson, et al. Hypertext Transfer Protocol Version 2 (HTTP/2), 2015, RFC.
[32] Wenke Lee, et al. Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries, 2008, CCS.
[33] Dan S. Wallach, et al. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web, 2012, USENIX Security Symposium.
[34] J. Alex Halderman, et al. Analysis of the HTTPS certificate ecosystem, 2013, Internet Measurement Conference.
[35] Konstantin Beznosov, et al. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems, 2012, CCS.
[36] Kenneth G. Paterson, et al. Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol, 2011, ASIACRYPT.
[37] Alexey Melnikov, et al. The WebSocket Protocol, 2011, RFC.
[38] Jeremiah Grossman, et al. XSS Attacks: Cross Site Scripting Exploits and Defense, 2007.
[39] Robin Sommer, et al. Here's my cert, so trust me, maybe?: understanding TLS errors on the web, 2013, WWW.
[40] Eric Rescorla, et al. HTTP Over TLS, 2000, RFC.
[41] Jianping Wu, et al. When HTTPS Meets CDN: A Case of Authentication in Delegated Service, 2014, 2014 IEEE Symposium on Security and Privacy.
[42] Karthikeyan Bhargavan, et al. Language-based Defenses Against Untrusted Browser Origins, 2013, USENIX Security Symposium.
[43] Alfredo Pironti, et al. A Messy State of the Union: Taming the Composite State Machines of TLS, 2015, 2015 IEEE Symposium on Security and Privacy.
[44] Kenneth G. Paterson, et al. On the Security of the TLS Protocol: A Systematic Analysis, 2013, IACR Cryptol. ePrint Arch.