A survey of web security

Computer

Volumn 31, Issue 9, 1998, Pages 34-41

  Rubin, Aviel D ^a,c,d,f   Geer Jr , Daniel E ^b,e,g  

^a AT AND T LABS RESEARCH   (United States)

^b Certco ^*  (United States)

^c POLYTECHNIC UNIVERSITY   (United States)

^d UNIVERSITY OF MICHIGAN   (United States)

^e CertCo LLC   (United States)

^f AT AND T LABS RESEARCH   (United States)

^g CertCo   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; DATA COMMUNICATION SYSTEMS; DATA PRIVACY; DATA TRANSFER; ELECTRONIC DATA INTERCHANGE; GRAPHICAL USER INTERFACES; HTML; HTTP; NETWORK PROTOCOLS; ONLINE SYSTEMS; WORLD WIDE WEB;

COMMON GATEWAY INTERFACE (CGI);

SECURITY OF DATA;

EID: 0032164210     PISSN: 00189162     EISSN: None     Source Type: Trade Journal    
DOI: 10.1109/2.708448     Document Type: Review

References (19)

1. A.D. Rubin, D. Geer, and M.J. Ranum, Web Security Sourcebook, John Wiley & Sons, New York, 1997.
2. A. Menezes, P. van Oorschot, and S. Vanstone, Hand-book of Applied Cryptography, CRC Press, Boca Raton, Fla., 1997.
3. US Dept. of Defense, "Trusted Computer System Evaluation Criteria," National Computer Security Center, DoD 5200.28-STD, Dec. 1985.
4. S. Garfinkel and E. Spafford, Practical UNIX Security, O'Reilly & Associates, Sebastapol, Calif., 1991.
5. D. Curry, UNIX System Security - A Guide for Users and System Administrators, Addison Wesley Longman, Reading, Mass., 1992.
6. B. Lampson et al., "Authentication in Distributed Systems: Theory and Practice," ACM Trans. Computer Systems, Nov. 1992, pp. 265-310.
7. J.G.Steiner, C. Neuman, and J.I. Schiller, "Kerberos: An Authentication Service for Open Network Systems," Proc. Winter 1988 General Conf., Usenix Assoc., Berkeley, Calif, 1988, pp. 191-202.
8. D. Farmer and E.H. Spafford, "The COPS Security Checker System," Proc. Summer 1990 General Conf., Usenix Assoc., Berkeley, Calif., 1990, pp. 165-170; ftp://info.cert.ort/pub/tools/cops/.
9. D.R Safford, D.L Srhalry and DJC Hess. "The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment." Proc. Fourth Security Symp., Usenix Assoc., Berkeley, Calif, 1993, pp. 91-118; ftp-//net.tamu.edu/pub/securiry/TAMU/.
10. G.H. Kim and E.H. Spafford. "The Design and Implementation of Tripwire: A File System Integrity Checker," Tech. Report CSD-TR-93-071. Purdue University Coast Laboratory, West Lafayette, Ind, Nov. 1993; ftp://info. cert.org/pub/tools/tripwire/.
11. L. Gong et al., "Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2" Proc. USENIX Symp. Internet Technologies and Systems, Usenix Assoc., Berkeley, Calif., 1997, pp. 103-112.
12. D.S. Wallach, D. Blafanz, D. Dean, and E.W. Felten, "Extensible Security Architectures for Java," Proc. 16th ACM Symp. Operating Systems Principles, ACM Press, New York. 1997.
13. G.C. Necula and P. Lee, "Safe Kernel Extensions Without Run-Time Checkin," Proc. Second Symp. Operating Systems Design and Implementation, Unix Assoc., Berkeley, Calif., 1996, pp. 229-243.
14. D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Comm. ACM, Feb. 1981, pp. 84-88.
15. M.K. Reiter and A.D. Rubin. "Crowds: Anonymous Web Transactions," ACM Trans. Information Systems Security, Apr. 1998; see also http://www.research.att. com/projects/crowds.
16. C, Gulcu and G. Tsudik. "Mixing E-mail with Babel," Proc. 1996 Internet Society Symp. Network and Distributed System Security, IEEE CS Press, Los Alamitos, Calif., 1996, pp. 2-16.
17. P.F. Syverson, D.M. Goldschlag, and M.G. Reed, "Anonymous Connections and Onion Routing," Proc. 1997 IEEE Symp. Security and Privacy, IEEE CS Press, Los Alamitos, Calif., 1997, pp. 44-54.
18. E. Gabber et al., "How to Make Personalized Web Browsing Simple. Secure, and Anonymous," tech. report. May 1997; see also http://www.lpwa.com.
19. D.L. Oppenheimer, D.A. Wagner, and M.D. Crabb, Site Security Handbook, RFC 1244/FY1:8. IETF, 1991.