WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring
Riccardo Focardi | Matteo Maffei | Stefano Calzavara | Marco Squarcina | Clara Schneidewind | Mauro Tempesta
[1] Fred B. Schneider, et al. Enforceable security policies, 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[2] Ralf Küsters, et al. A Comprehensive Formal Security Analysis of OAuth 2.0, 2016, CCS.
[3] Ajay Chander, et al. JavaScript instrumentation for browser security, 2007, POPL '07.
[4] Yuri Gurevich, et al. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization, 2013, USENIX Security Symposium.
[5] Wouter Joosen, et al. SessionShield: Lightweight Protection against Session Hijacking, 2011, ESSoS.
[6] Nataliia Bielova. Survey on JavaScript security policies and their enforcement mechanisms in a web browser, 2013, J. Log. Algebraic Methods Program.
[7] Dominique Devriese, et al. FlowFox: a web browser with flexible and precise information flow control, 2012, CCS '12.
[8] Shriram Krishnamurthi, et al. Using static analysis for Ajax intrusion detection, 2009, WWW '09.
[9] Karthikeyan Bhargavan, et al. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, 2013, POST.
[10] Yuan Tian, et al. Run-time Monitoring and Formal Analysis of Information Flows in Chromium, 2015, NDSS.
[11] Jörg Schwenk, et al. SoK: Single Sign-On Security — An Evaluation of OpenID Connect, 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).
[12] Riccardo Focardi, et al. Micro-policies for Web Session Security, 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).
[13] Prabath Siriwardena, et al. OAuth 2.0, 2014.
[14] Chris J. Mitchell, et al. Analysing the Security of Google's Implementation of OpenID Connect, 2015, DIMVA.
[15] Deepak Garg, et al. Information Flow Control in WebKit's JavaScript Bytecode, 2014, POST.
[16] Pili Hu, et al. Model-based Security Testing: An Empirical Study on OAuth 2.0 Implementations, 2016, AsiaCCS.
[17] Michele Bugliesi, et al. CookiExt: Patching the browser against session hijacking attacks, 2015, J. Comput. Secur.
[18] Konstantin Beznosov, et al. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems, 2012, CCS.
[19] Alessandro Armando, et al. Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps, 2008, FMSE '08.
[20] Jörg Schwenk, et al. On Breaking SAML: Be Whoever You Want to Be, 2012, USENIX Security Symposium.
[21] Helen J. Wang, et al. Lightweight server support for browser-based CSRF protection, 2013, WWW.
[22] Yuchen Zhou, et al. SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities, 2014, USENIX Security Symposium.
[23] Wouter Joosen, et al. Serene: Self-Reliant Client-Side Protection against Session Fixation, 2012, DAIS.
[24] Andrei Sabelfeld, et al. Measuring login webpage security, 2017, SAC.
[25] Karthikeyan Bhargavan, et al. Discovering concrete attacks on website authorization by formal analysis, 2014, J. Comput. Secur.
[26] Ben Stock, et al. Protecting users against XSS-based password manager abuse, 2014, AsiaCCS.
[27] Ahmad-Reza Sadeghi, et al. Browser Model for Security Analysis of Browser-Based Protocols, 2005, ESORICS.
[28] Martín Abadi, et al. Prudent Engineering Practice for Cryptographic Protocols, 1994, IEEE Trans. Software Eng.
[29] Ahmad-Reza Sadeghi, et al. Proving a WS-federation passive requestor profile with a browser model, 2005, SWS '05.
[30] Deepak Garg, et al. Information Flow Control for Event Handling and the DOM in Web Browsers, 2015, 2015 IEEE 28th Computer Security Foundations Symposium.
[31] Ralf Küsters, et al. An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System, 2014, 2014 IEEE Symposium on Security and Privacy.
[32] Dawn Xiaodong Song, et al. Towards a Formal Foundation of Web Security, 2010, 2010 23rd IEEE Computer Security Foundations Symposium.
[33] Mark Ryan, et al. Applied pi calculus, 2011, Formal Models and Techniques for Analyzing Security Protocols.
[34] Andrei Sabelfeld, et al. Information-flow security for JavaScript and its APIs, 2016, J. Comput. Secur.
[35] Ralf Küsters, et al. SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web, 2015, CCS.
[36] Bruno Blanchet, et al. An efficient cryptographic protocol verifier based on prolog rules, 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
[37] Lujo Bauer, et al. Edit automata: enforcement mechanisms for run-time security policies, 2005, International Journal of Information Security.
[38] Samuel T. King, et al. Fortifying web-based applications automatically, 2011, CCS '11.
[39] Alessandro Armando, et al. An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations, 2013, Comput. Secur.
[40] Chris J. Mitchell, et al. Security Issues in OAuth 2.0 SSO Implementations, 2014, ISC.
[41] Wouter Joosen, et al. Automatic and Precise Client-Side Protection against CSRF Attacks, 2011, ESORICS.
[42] XiaoFeng Wang, et al. Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012, 2012 IEEE Symposium on Security and Privacy.