Trusted paths for browsers

Proceedings of the 11th USENIX Security Symposium

Volumn , Issue , 2002, Pages

  Ye, Zishuang ^a   Smith, Sean ^a  

^a Dartmouth Department of Computer Science_Dartmouth College   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

WEB SERVICES;

FOLLOW UP; HUMAN USERS; SECURITY PROBLEMS; SECURITY PROTOCOLS; WEB SPOOFING;

NETWORK SECURITY;

EID: 85084161317     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (29)

1. A. Alsaid, D. Martin. “Detecting Web Bugs with Bugnosis: Privacy Advocacy through Education.” 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag, to appear.
2. R.J. Barbalace. “Making something look hacked when it isn’t.” The Risks Digest, 21.16, December 2000.
3. S. Bonisteel. “Microsoft Browser Slips Up on SSL Certificates.” Newsbytes. December 26, 2001.
4. Bugzilla Bug 26353,“Can’t turn chrome back on in chromeless window” http://bugzilla.mozilla.org/show_bug.cgi?id=26353
5. F. De Paoli, A.L. DosSantos and R.A. Kemmerer. “Vulnerability of ‘Secure’ Web Browsers.” Proceedings of the National Information Systems Security Conference. 1997.
6. Department of Defense Trusted Computer System Evaluation Computer System Evaluation Criteria. DoD 5200.28-STD. December 1985.
7. C. Ellison. “The Nature of a Usable PKI.” Computer Networks. 31: 823-830. 1999.
8. C. Ellison. Personal communication, September 2000. See https://store.palm.com/
9. C. Ellison, C. Hall, R. Milbert, B. Schneier, “Protecting Secret Keys with Personal Entropy” Future Generation Computer Systems. Volume. 16, 2000, pp. 311-318.
10. E. Felten, D. Balfanz, D. Dean, and D. Wallach. “Web Spoofing: An Internet Con Game.” 20th National Information Systems Security Conference. 1996.
11. Gecko DOM Reference. http://www.mozilla.org/docs/dom/domref/dom_window_ref. html
12. S. Jiang, S.W. Smith, K. Minami. “Securing Web Servers against Insider Attack.” ACSA/ACM Annual Computer Security Applications Conference. December 2001.
13. K. Kain, S.W. Smith, R. Asokan. “Digital Signatures and Electronic Documents: A Cautionary Tale.” Sixth IFIP Conference on Communications and Multimedia Security. 2002. To appear.
14. Konqueror. http://www.konqueror.org/konq-browser.html
15. M. Maremont. “Extra! Extra!: Internet Hoax, Get the Details.” The Wall Street Journal. April 8, 1999.
16. The Mozilla Organization. http://www.mozilla.org/download-mozilla.html
17. E. Norman (University of Wisconsin). Personal communication, April 2002.
18. A. Perrig and D. Song. “Hash Visualization: A New Technique to Improve Real-World Security.” Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC’99). 131-138. July 1999.
19. J. Rome. “Compartmented Mode Workstations.” Oal Ridge National Laboratory. http://www.ornl.gov/~jar/doecmw.pdf April 23, 1995.
20. S.E.C. v. Gary D. Hoke, Jr. Lit. Rel. No. 16266, 70 S.E.C. Docket 1187 (Aug. 30, 1999). http://www.sec.gov/litigation/litreleases/lr16266.htm
21. S.W. Smith. WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions. Research Report RC 21851, IBM T.J. Watson Research Center, October 2000.
22. S.W. Smith. “WebALPS: A Survey of E-Commerce Privacy and Security Applications.” ACM SIGecom Exchanges. Volume 2.3, September 2001.
23. S.W. Smith, D. Safford. “Practical Server Privacy Using Secure Coprocessors.” IBM Systems Journal. 40: 683-695. 2001.
24. B. Sullivan. “Scam artist copies PayPal Web site.” MSNBC. July 21, 2000. (Now expired, but related discussion exists at http://www.landfield.com/isn/mail-archive/2000/Jul/0100.html)
25. J.D. Tygar and A. Whitten. “WWW Electronic Commerce and Java Trojan Horses.” The Second USENIX Workshop on Electronic Commerce Proceedings. 1996.
26. R. Weiser (DST). Personal communication, August 2001.
27. A. Whitten and J.D. Tygar. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0.” USENIX Security, 1999.
28. Z. Ye. Building Trusted Paths for Web Browsers. Master’s Thesis. Department of Computer Science, Dartmouth College. May 2002 (to appear).
29. E. Ye, Y. Yuan, S.W. Smith. Web Spoofing Revisited: SSL and Beyond. Technical Report TR2002-417, Department of Computer Science, Dartmouth College. February 2002.