Trusted paths for browsers

ACM Transactions on Information and System Security

Volumn 8, Issue 2, 2005, Pages 153-186

  Ye, Zishuang ^a,b   Smith, Sean ^a,b   Anthony, Denise ^a,c  

^a DARTMOUTH COLLEGE   (United States)

^b Dartmouth Department of Computer Science_Dartmouth College   (United States)

^c Dartmouth College   (United States)

Author keywords

HCISEC; Trust path; Web browser security

Indexed keywords

HCISEC; TRUST PATH; WEB BROWSER SECURITY; WEB SPOOFING;

ELECTRONIC COMMERCE; HUMAN ENGINEERING; NETWORK PROTOCOLS; PROBLEM SOLVING; USER INTERFACES; WEB BROWSERS;

SECURITY OF DATA;

EID: 23244459906     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/1065545.1065546     Document Type: Review

References (41)

1. ALSAID, A. AND MARTI, D. 2002. Detecting web bugs with bugnosis: Privacy advocacy through education. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, San Fransicsco, CA. Springer-Verlag, Berlin.
2. ANTICSOFT LIMITED. 2000 WebAssurity. Online resource, http://www.articsoft.com/webassurity.htm.
3. BARBALAC, R. 2000. Making something look hacked when it isn't. The Risks Digest 21, 16 (Dec.).
4. BONISTEEL, S. 2001. Microsoft browser slips up on SSL certificates. Online resource, http://www.computeruser.com/news/01/12/27/news4.html.
5. DEAN, D. AND WALLACH, D. 2001. Personal communication.
6. DEPARTMENT OF DEFENSE. 1985, Trusted Computer System Evaluation Criteria. DoD 5200.28-STD.
7. DIX, A., FINLAY, J., ABOWD, G., AND BEALE, R. 1997. Human-Computer Interaction, 2 ed. Prentice Hall, Englewood Cliffs, NJ.
8. ELLISON, C. 1999. The nature of a usable PKI. Computer Networks 31.
9. ELLISON, C. 2000. Personal communication.
10. ELLISON, C., HALL, C., MILBERT, R., AND SCHNEIER, B. 2000. Protecting secret keys with personal entropy. Future Generation Computer Systems 16.
11. FELTEN, E., BALFANZ, D., DEAN, D., AND WALLACH, D. 1997. Web spoofing: An internet con game. In The 20th National Information Systems Security Conference, Baltimore, MD.
12. FOGG, B., SOOHOO, C., DANIELSON, D., MARABLE, L., STANFORD, J., AND TAUBER, E. 2002. How do People Evaluate a Web Site's Credibility? Results from a Large Study. Tech. Rep., Consumer WebWatch/Stanford Persuasive Technology Lab.
13. FRIEDMAN, B., HURLEY, D., HOWE, D., FELTEN, E., AND NISSENBAUM, H. 2003. User's conceptions of web security: A comparative study. In ACM/CHI2002 Conference on Human Factors and Computing Systems, Minneapolis, MN. Extended abstracts.
14. GEOTRUST, INC. 2003. True site: Identity assurance for Web sites. Online resource, http://www.geotrust.com/true_site/index.htm.
15. HERZBERG, A. AND GBARA, A. 2004. Protecting (even) naive Web users, or: preventing spoofing and establishing credentials of Web sites. Draft.
16. JIANG, S., SMITH, S., AND MINAMI, K. 2001. Securing Web servers against insider attack. In the 17th ACSA/ACM Computer Security Applications Conference, New Orleans, LA.
17. KAIN, K., SMITH, S., AND ASOKAN, R. 2002. Digital signatures and electronic documents: A cautionary tale. In Advanced Communications and Multimedia Security. Kluwer Academic, Norwell, MA.
18. LEFRANC, S. AND NACCACHE, D. 2003. Cut-&-paste attacks with JAVA. In Information Security and Cryptology - ICISC 2002. LNCS 2587, Springer-Verlag, Berlin.
19. MARCHESINI, J., SMITH., S., AND ZHAO, M. 2003. Keyjacking: Risks of the current client-side infrastructure. In Proceedings of the 2nd Annual PKI Research Workshop, Gaithersburg, MD.
20. MAREMONT, M. 1999. Extra! extra!: Internet hoax, get the details. The Wall Street Journal.
21. MOZILLA ORGANIZATION, THE. 2001. Gecko DOM reference. Online resource, http://www.mozilla.org/docs/dom/domref/dom_window_ref.html.
22. NORMAN, E. 2002. Personal communication.
23. PAOLI, F. D., DOSSANTOS, A., AND KEMMERER, R. 1997. Vulnerability of 'secure' web browsers. In Proceedings of the National Information Systems Security Conference.
24. PERRIG, A. AND SONG, D. 1999. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce.
25. RESCORLA, E. 2001. SSL and TLS: Designing and building secure systems. Addison Wesley, Reading, MA.
26. ROME, J. 1995. Compartmented mode workstations. Online resource, http://www.ornl.gov/~jar/doecmw.pdf.
27. SECUNIA. 2004. Mozilla/mozilla firefox user interface spoofing vulnerability. Secunia Advisory SA12188.http://secunia.com/advisories/12188/.
28. SECURE SOFTWARE, INC. EGADS homepage. Online resource, http://www.securesoftware.com/download_form_egads.htm.
29. SMITH, S. 2000. WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions. Tech. Rep. IBM T.J. Watson Research Center Research Report RC 21851.
30. SMITH, S. 2001. WebALPS: A survey of e-commerce privacy and security applications. ACM SIGecom Exchanges 2.3.
31. SMITH, S. AND SAFFORD, D. 2001. Practical server privacy using secure coprocessors. IBM Systems Journal 40.
32. SULLIVAN, B. 2000. Scam artist copies payPal Web site. The page expired, but related discussion exists at http://www.landfield.com/isn/mail-archive/2000/ Jul/0100.html.
33. TURNER, C. 2003. How do consumers form their judgments of the security of e-commerce web sites? In ACM/CHI2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, FL. http://www.andrewpatrick.ca/CHI2003/ HCISEC/index.html.
34. TYGAR, J. AND WHITTEN, A. 1996. WWW electronic commerce and Java trojan horses. In Proceeding of the 2nd USENIX Workshop on Electronic Commerce.
35. UNITED STATES SECURITIES AND EXCHANGE COMMISSION. 1999. Litigation release no. 16266. Online Resource, http://www.sec.gov/litigation/litreleases/ lr16266.htm.
36. WEISER, R. 2001. Personal communication.
37. WHITTEN, A. AND TYGAR, J. 1999. Why johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceeding of the 8th USENIX Security Symposium (Washington D.C.).
38. YE, Z. 2002. Building trusted paths for Web browsers. M.S. Thesis, Department of Computer Science, Dartmouth College, Hanover, NH.
39. YE, Z. AND SMITH, S. 2002. Trusted paths for browsers. In Proceeding of the 11th USENIX Security Symposium, San Francisco, CA.
40. YE, Z., YUAN, Y., AND SMITH, S. 2002. Web Spoofing Revisited: SSL and Beyond. Tech. Rep. Department of Computer Science, Dartmouth College, TR2002-417.
41. YEE, K. 2002. User interaction design for secure systems. In Proceedings of the 4th International Conference on Information and Communications Security, Singapore.