SCOPUS 정보 검색 플랫폼

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2010, Pages 463-478

On the incoherencies in web browser access control policies

(4) Singh, Kapil a Moshchuk, Alexander b Wang, Helen J b Lee, Wenke a

a GEORGIA INSTITUTE OF TECHNOLOGY (United States)

b MICROSOFT RESEARCH (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL POLICIES; BACKWARD COMPATIBILITY; REAL-WORLD; RUNTIMES; WEB APPLICATION; WEB DEVELOPERS;

ACCESS CONTROL; SECURITY SYSTEMS; WORLD WIDE WEB;

WEB BROWSERS;

EID: 77955224128 PISSN: 10816011 EISSN: None Source Type: Conference Proceeding
DOI: 10.1109/SP.2010.35 Document Type: Conference Paper

Times cited : (58)

References (34)

1
- 41149109640
- Protection and communication abstractions for web browsers in mashupOS
- Stevenson, WA, Oct.
- st ACM Symposium on Operating Systems Principles (SOSP), Stevenson, WA, Oct. 2007.
- (2007) st ACM Symposium on Operating Systems Principles (SOSP)
- Wang, H.J.¹ Fan, X.² Howell, J.³ Jackson, C.⁴

2
- 58849150637
- Beware of finer-grained origins
- Oakland, CA, May
- C. Jackson and A. Barth, "Beware of Finer-Grained Origins," in Web 2.0 Security and Privacy (W2SP), Oakland, CA, May 2008. [Online]. Available: http://seclab.stanford.edu/websec/ origins/fgo.pdf
- (2008) Web 2.0 Security and Privacy (W2SP)
- Jackson, C.¹ Barth, A.²

3
- 77954608267
- The multi-principal OS construction of the gazelle web browser
- Montreal, Canada, Aug.
- th USENIX Security Symposium, Montreal, Canada, Aug. 2009.
- (2009) th USENIX Security Symposium
- Wang, H.J.¹ Grier, C.² Moshchuk, A.³ King, S.T.⁴ Choudhury, P.⁵ Venter, H.⁶

4
- 79952338164
- Accessed on Nov. 14
- J. Ruderman, "Same Origin Policy for JavaScript," http://www.mozilla.org/projects/security/components/ same-origin.html. Accessed on Nov. 14, 2009.
- (2009) Same Origin Policy for JavaScript
- Ruderman, J.¹

5
- 77955182541
- "Alexa," http://www.alexa.com/.
- Alexa

6
- 77955216221
- Accessed on Nov. 14
- "Document Object Model," http://www.w3.org/DOM/. Accessed on Nov. 14, 2009.
- (2009)

7
- 0009517422
- HTTP state management mechanism
- Oct.
- D. Kristol and L. Montulli, "HTTP State Management Mechanism," in IETF RFC 2965, Oct. 2000.
- (2000) IETF RFC , vol.2965
- Kristol, D.¹ Montulli, L.²

8
- 0003889134
- O'Reilly Media Inc.
- D. Flanagan, Javascript: The Definitive Guide. O'Reilly Media Inc., 2006.
- (2006) Javascript: The Definitive Guide
- Flanagan, D.¹

9
- 77949669849
- Accessed on Nov. 14, 2009.
- M. Zalewski, "Browser Security Handbook," 2008, http:// code.google.com/p/browsersec/wiki/Main. Accessed on Nov. 14, 2009.
- (2008) Browser Security Handbook
- Zalewski, M.¹

10
- 77955220132
- HTTP state management mechanism
- Feb
- A. Barth, "HTTP State Management Mechanism," IETF Draft 2109, Feb 2010, http://tools.ietf.org/html/ draft-ietf-httpstate-cookie-03.
- (2010) IETF Draft 2109
- Barth, A.¹

11
- 57349089194
- Force HTTPS: Protecting highsecurity web sites from network attacks
- C. Jackson and A. Barth, "ForceHTTPS: Protecting HighSecurity Web Sites from Network Attacks," in WWW, 2008.
- (2008) WWW
- Jackson, C.¹ Barth, A.²

12
- 77955180982
- October
- "HTML 5 Editor's Draft," October 2008, http://www.w3.org/ html/wg/html5/.
- (2008) HTML 5 editor's draft

13
- 85055250091
- Securing frame communication in browsers
- San Jose, CA, Jul.
- th USENIX Security Symposium, San Jose, CA, Jul. 2008.
- (2008) th USENIX Security Symposium
- Barth, A.¹ Jackson, C.² Mitchell, J.C.³

14
- 77955202085
- Accessed on Nov. 14
- "XMLHttpRequest," http://www.w3.org/TR/ XMLHttpRequest/. Accessed on Nov. 14, 2009.
- (2009) XMLHttpRequest

15
- 77955214548
- Accessed on Nov. 14
- "XMLHttpRequest Level 2," http://www.w3.org/TR/ XMLHttpRequest2/. Accessed on Nov. 14, 2009.
- (2009) XMLHttpRequest Level 2

16
- 77955224196
- Accessed on Nov. 14
- "Mitigating Cross-site Scripting With HTTP-only Cookies," http://msdn2.microsoft.com/en-us/library/ms533046.aspx. Accessed on Nov. 14, 2009.
- (2009) Mitigating Cross-site Scripting with HTTP-only Cookies

17
- 77955220375
- Accessed on Nov. 14
- "HttpOnly," http://www.owasp.org/index.php/HTTPOnly. Accessed on Nov. 14, 2009.
- (2009) HttpOnly

18
- 77955226230
- Accessed on Nov. 14
- "Mozilla Foundation Security Advisory 2009-05: XMLHttpRequest allows reading HTTPOnIy cookies," http:// www.mozilla.org/security/announce/2009/ mfsa2009-05.html. Accessed on Nov. 14, 2009.
- (2009) Mozilla Foundation Security Advisory 2009-05: XMLHttpRequest Allows Reading HTTPOnIy Cookies

19
- 77954470294
- "Clickjacking," http://en.wikipedia.org/wiki/Clickjacking.
- Clickjacking

20
- 79959877427
- Accessed on Nov. 14, 2009.
- "Whats New in Internet Explorer 8," 2008, http:// msdn.microsoft.com/en-us/library/cc288472.aspx. Accessed on Nov. 14, 2009.
- (2008) Whats New in Internet Explorer 8

21
- 34250634485
- Protecting browser state from web privacy attacks
- Edinburgh, Scotland, May
- th International Conference on World Wide Web (WWW), Edinburgh, Scotland, May 2006.
- (2006) th International Conference on World Wide Web (WWW)
- Jackson, C.¹ Bortz, A.² Boneh, D.³ Mitchell, J.C.⁴

22
- 77955224876
- Accessed on Nov. 14
- M. Zalewski and F. Almeida, "Browser DOM Access Checker 1.01," http://lcamtuf.coredump.cx/dom-checker/. Accessed on Nov. 14, 2009.
- (2009) Browser DOM Access Checker 1.01
- Zalewski, M.¹ Almeida, F.²

23
- 77955215447
- Accessed on Nov. 14
- C. Jackson and A. Barth, "Browserscope Security Test Suite," http://mayscript.com/blog/collinj/ browserscope-security-test-suite. Accessed on Nov. 14, 2009.
- (2009) Browserscope Security Test Suite
- Jackson, C.¹ Barth, A.²

24
- 84865647705
- Characterizing insecure javascript practices on the web
- Madrid, Spain, Apr.
- th International Conference on World Wide Web (WWW), Madrid, Spain, Apr. 2009.
- (2009) th International Conference on World Wide Web (WWW)
- Yue, C.¹ Wang, H.²

25
- 77950481676
- Accessed on Nov. 14
- E. Lawrence, "Fiddler web debugging tool," http://www. flddler2.com/flddler2/. Accessed on Nov. 14, 2009.
- (2009) Fiddler Web Debugging Tool
- Lawrence, E.¹

26
- 77955223886
- Accessed on Nov. 14
- "FiddlerCore," http://flddler.wikidot.com/flddlercore. Accessed on Nov. 14, 2009.
- (2009) FiddlerCore

27
- 78650757983
- Accessed on Mar. 1
- "BugMeNot," http://www.bugmenot.com/. Accessed on Mar. 1, 2010.
- (2010) BugMeNot

28
- 77955202083
- Accessed on Nov. 14
- M. O'Neal, "Cookie Path Best Practice," http://research. corsaire.com/whitepapers/040323-cookie-path-best-practice. pdf. Accessed on Nov. 14, 2009.
- (2009) Cookie Path Best Practice
- O'Neal, M.¹

29
- 77955179745
- Accessed on Nov. 14
- "Browserscope," http://www.browserscope.org/. Accessed on Nov. 14, 2009.
- (2009)

30
- 40249106140
- A crawler-based study of spyware on the web
- San Diego, CA, Feb.
- th Annual Network and Distributed Systems Security Symposium (NDSS), San Diego, CA, Feb. 2006.
- (2006) th Annual Network and Distributed Systems Security Symposium (NDSS)
- Moshchuk, A.¹ Bragin, T.² Gribble, S.D.³ Levy, H.M.⁴

31
- 77954485245
- Automated web patrol with strider honeymonkeys
- San Diego, CA, Feb.
- th Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb. 2006.
- (2006) th Network and Distributed System Security Symposium (NDSS)
- Wang, Y.-M.¹ Beck, D.² Jiang, X.³ Roussev, R.⁴ Verbowski, C.⁵ Chen, S.⁶ King, S.⁷

32
- 80053650188
- All your iframes point to Us
- San Jose, CA, Jul.
- th USENIX Security Symposium, San Jose, CA, Jul. 2008.
- (2008) th USENIX Security Symposium
- Provos, N.¹ Mavrommatis, P.² Rajab, M.³ Monrose, F.⁴

33
- 85080711655
- The ghost in the browser: Analysis of webbased malware
- Berkeley, CA, USA
- st Workshop on Hot Topics in Understanding Botnets (HotBots), Berkeley, CA, USA, 2007.
- (2007) st Workshop on Hot Topics in Understanding Botnets (HotBots)
- Provos, N.¹ McNamee, D.² Mavrommatis, P.³ Wang, K.⁴ Modadugu, N.⁵

34
- 85076893377
- Spy proxy: Execution-based detection of malicious web content
- Boston, MA, Aug.
- th USENIX Security Symposium, Boston, MA, Aug. 2007.
- (2007) th USENIX Security Symposium
- Moshchuk, A.¹ Bragin, T.² Deville, D.³ Gribble, S.D.⁴ Levy, H.M.⁵

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.