WSKE: Web server key enabled cookies

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4886 LNCS, Issue , 2007, Pages 294-306

  Masone, Chris ^a   Baek, Kwang Hyun ^a   Smith, Sean ^a  

^a Dartmouth Department of Computer Science_Dartmouth College   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION MANAGEMENT; INTERNET PROTOCOLS; SERVERS;

COOKIE MANAGEMENT; SERVER AUTHENTICATION; WEB SERVERS;

WEB SERVICES;

EID: 38549153666     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-77366-5_28     Document Type: Conference Paper

References (25)

1. Juels, A., Jakobsson, M., Stamm, S.: Active cookies for browser authentication, http://www.ravenwhite.com/files/activecookies-28_Apr.06.pdf
2. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of SIGCHI Conference on Human Factors in Computing Systems, pp. 581-590 (2006)
3. Garfinkel, S.: Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable. PhD thesis, Massachusetts Institute of Technology (2005)
4. Good, N., Dhamija, R., Grossklags, J., Thaw, D., Aronowitz, S., Mulligan, D., Konstan, J.: Stopping spyware at the gate: A user study of notice, privacy and spyware. In: SOUPS. Proceedings of the Symposium on Usable Privacy and Security, pp. 43-52 (July 2005)
5. Yee, K.P.: Guidelines and Strategies for secure Interaction Design. In: Cranor, L.F., Garfinkel, S. (eds.) Security and Usability: Designing Secure Systems That People Can Use. pp. 247-273, O'Reilly, Sebastopol (2005)
6. DNSSEC.NET: DNS Threats and DNS Weaknesses. http://www.dnssec.net/dns- threats.php
7. ISC: BIND Vulnerabilities. http://www.isc.org/index.pl?/sw/bind/bind- security.php
8. Murphy, S.: BGP Security Vulnerabilities Analysis. Internet Draft draft-murphy-bgp-vuln-01.txt (October 2004)
9. Nordstrom, O., Dovrolis, C.: Beware of BGP Attacks. SIGCOMM Computer Communication Review 34, 1-8 (2004)
10. Housley, R.: Personal commmunication (April 2006)
11. Ramachandran, A., Feamster, N.: Understanding the Network-Level Behavior of Spammers. In: Proceedings of ACM SIGCOMM (September 2006)
12. Space, S.: Secure server survey by security space and E-Soft (September 2006), http://www.securityspace.com/s_survey/sdata/200608/certca.html
13. Smith, S.W., Martini, J.C.: The Guidebook for Security Craftsmen (working title). Addison-Wesley, forthcoming book material from AWL 0321434838 (2007)
14. Sirer, G.: Personal Communication (2006)
15. XULPlanet.com: XULPlanet.com (2006), http://www.xulplanet.com
16. Foundation, M.: Mozilla Cross-Reference (2006), http://lxr.mozilla.org/ seamonkey/
17. Wilgus, K.: Cookie store firefox 1.5 extension (2006), http://wigginz.com/cookiestore/
18. MonkeeSage: Basic javascript file and directory IO module v2.1 (2006), available at http://kb.mozillazine.org/Io.js
19. Synovie, M.: Dev Notes: Implementing HashTable in JavaScript (2006), http://weblogs.asp.net/ssadasivuni/archive/2003/09/17/27902.aspx
20. Netcraft: Netcraft anti-phishing toolbar (2007), http://toolbar.netcraft. com
21. SpoofStick: Spoofstick home (2007), http://www.spoofstick.com/
22. Close, T.: mozdev.org - petname: index. Petname tool (2007), http://petname.mozdev.org
23. Ye, E., Smith, S.: Trusted Paths for Browsers. In: 11th USENIX Security Symposium (2002), http://www.cs.dartmouth.edu/~sws/papers/usenix02.pdf
24. Karlof, C.K., Shankar, U., Tygar, D., Wagner, D.: Locked cookies: Web authentication security against phishing, pharming, and active attacks. Technical Report UCUCB/EECS-2007-25UCB/EECS-2007-25, Electrical Engineering and Computer Sciences University of California at Berkeley (February 2007)
25. Santos, N.J.: Limited delegation (without sharing secrets) in web applications. Technical Report TR2006-574, Dartmouth College (2006)