Detecting in-flight page changes with web tripwires

5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008

Volumn , Issue , 2008, Pages 31-44

  Reis, Charles ^a   Gribble, Steven D ^a   Kohno, Tadayoshi ^a   Weaver, Nicholas C ^b  

^a UNIVERSITY OF WASHINGTON   (United States)

^b INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MALWARE; SYSTEMS ANALYSIS; WEBSITES;

ARP POISONING; CLIENT SIDES; CLIENT SOFTWARE; CROSS SITE SCRIPTING; INTEGRITY CHECK; MALICIOUS CODES; WEB CLIENTS; WEB SERVERS;

HTTP;

EID: 85075100360     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (43)

1. Technical explanation of The MySpace Worm. http://namb.la/popular/tech.html, 2005.
2. NebuAd / Service Providers. http://www.nebuad.com/providers/providers.php, Aug. 2007.
3. The Cloak: Free Anonymous Web Surfing. http://www.the-cloak.com, Oct. 2007.
4. Ad Muncher. The Ultimate Popup and Advertising Blocker. http://www.admuncher.com/, 2007.
5. B. Anderson. fair eagle taking over the world? http://benanderson.net/blog/weblog.php?id=D20070622, June 2007.
6. W. A. Arbaugh, D. J. Farber, and J. M. Smith. A Secure and Reliable Bootstrap Architecture. In IEEE Symposium on Security and Privacy, May 1997.
7. C. Babcock. Yahoo Mail Worm May Be First Of Many As Ajax Proliferates. http://www.informationweek.com/security/ showArticle.jhtml?articleID=189400799, June 2006.
8. R. Beverly. ANA Spoofer Project. http://spoofer.csail.mit.edu/, Nov. 2006.
9. Blue Coat. Blue Coat WebFilter. http://www.bluecoat.com/products/webfilter, Oct. 2007.
10. M. Casado and M. J. Freedman. Peering Through the Shroud: The Effect of Edge Opacity on IP-Based Client Identification. In NSDI, Apr. 2007.
11. M. Casado, T. Garfinkel, W. Cui, V. Paxson, and S. Savage. Opportunistic Measurement: Extracting Insight from Spurious Traffic. In HotNets-IV, 2005.
12. Chinese Internet Security Response Team. ARP attack to CISRT.org. http://www.cisrt.org/enblog/read.php?172, Oct. 2007.
13. C. S. Collberg and C. Thomborson. Watermarking, Tamper-Proofing, and Obfuscation: Tools for Software Protection. In IEEE Transactions on Software Engineering, Aug. 2002.
14. G. Combs. Wireshark: The World's Most Popular Network Protocol Analyzer. http://www.wireshark.org/, Oct. 2007.
15. D. Evans and A. Twyman. Flexible Policy-Directed Code Safety. In IEEE Symposium on Security and Privacy, pages 32-45, 1999.
16. A. Fox and E. A. Brewer. Reducing WWW Latency and Bandwidth Requirements by Real-Time Distillation. In WWW, May 1996.
17. Google. Google Analytics. http://www.google.com/analytics/, 2008.
18. D. Gryaznov. Keeping up with Nuwar. http://www.avertlabs.com/research/blog/index.php/ 2007/08/15/keeping-up-with-nuwar/, Aug. 2007.
19. Grypen. CastleCops: About Grypen's Filter Set. http://www.castlecops.com/t124920-About_Grypens_Filter_Set.html, June 2005.
20. B. Hoffman. The SPI laboratory: Jikto in the wild. http://devsecurity.com/blogs/spilabs/archive/2007/04/02/Jikto-in-the-wild. aspx, Apr. 2007.
21. Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. T. Lee, and S.-Y. Kuo. Securing Web Application Code by Static Analysis and Runtime Protection. In WWW, May 2004.
22. O. Ismail, M. Etoh, Y. Kadobayashi, and S. Yamaguichi. A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerability. In AINA, 2004.
23. T. Jim, N. Swamy, and M. Hicks. Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. In WWW, May 2007.
24. E. Kiciman and B. Livshits. AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. In SOSP, Nov. 2007.
25. G. H. Kim and E. H. Spafford. The Design and Implementation of Tripwire: A File System Integrity Checker. In CCS, Nov. 1994.
26. E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks. In ACM Symposium on Applied Computing (SAC), 2006.
27. H. V. Madhyastha, T. Isdal, M. Piatek, C. Dixon, T. Anderson, A. Krishnamurthy, and A. Venkataramani. iPlane: An Information Plane for Distributed Services. In OSDI, Nov. 2006.
28. Microsoft Developer Network. Mark of the Web. http://msdn2.microsoft.com/en-us/library/ms537628.aspx, Oct. 2007.
29. W. W. Peterson and D. T. Brown. Cyclic Codes for Error Detection. In Proceedings of IRE, Jan. 1961.
30. C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML. In OSDI, Nov. 2006.
31. J. Ruderman. The Same Origin Policy. http://www.mozilla.org/projects/security/ components/same-origin.html, 2001.
32. D. Scott and R. Sharp. Abstracting Application-Level Web Security. In WWW, May 2002.
33. sidki. Proxomitron. http://www.geocities.com/sidki3003/prox.html, Sept. 2007.
34. Symantec.com. Adware.LinkMaker. http://symantec.com/security_response/ writeup.jsp?docid=2005-030218-4635-99, Feb. 2007.
35. Symantec.com. W32.Arpiframe. http://symantec.com/security_response/ writeup.jsp?docid=2007-061222-0609-99, June 2007.
36. P. Ször and P. Ferrie. Hunting For Metamorphic. In Virus Bulletin Conference, Sept. 2001.
37. D. Vaartjes. XSS via IE MOTW feature. http://securityvulns.com/Rdocument866.html, Aug. 2007.
38. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS, 2007.
39. Web Wiz Guide. Web Wiz Forums - Free Bulletin Board System, Forum Software. http://www.webwizguide.com/webwizforums/, Oct. 2007.
40. S. Whalen. An Introduction to Arp Spoofing. http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf, Apr. 2001.
41. B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar. An Integrated Experimental Environment for Distributed Systems and Networks. In OSDI, Dec. 2002.
42. Y. Xie and A. Aiken. Static Detection of Security Vulnerabilities in Scripting Languages. In USENIX Security, Aug. 2006.
43. B. Zdrnja. Raising the bar: dynamic JavaScript obfuscation. http://isc.sans.org/diary.html?storyid=3219, Aug. 2007.