Trusted paths for browsers-Reference-Cited by-同舟云学术

Trusted paths for browsers

Published:2005-05 Issue:2 Volume:8 Page:153-186
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Ye Zishuang (Eileen)¹,Smith Sean¹,Anthony Denise¹

Affiliation:

1. Dartmouth College, Hanover, NH

Abstract

Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. In this paper, we show how malicious servers can still do this---and can also forge the existence of an SSL session and the contents of the alleged server certificate. We then consider how to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user. We present potential designs, propose a new one, prototype it in open-source Mozilla, and demonstrate its effectiveness via user studies.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/1065545.1065546

Reference40 articles.

1. ArticSoft Limited. 2000 WebAssurity. Online resource. http://www.articsoft.com/webassurity. htm. ArticSoft Limited. 2000 WebAssurity. Online resource. http://www.articsoft.com/webassurity. htm.

2. Making something look hacked when it isn't;Barbalac R.;The Risks Digest,2000

3. Bonisteel S. 2001. Microsoft browser slips up on SSL certificates. Online resource. http://www.computeruser.com/news/01/12/27/news4.html. Bonisteel S. 2001. Microsoft browser slips up on SSL certificates. Online resource. http://www.computeruser.com/news/01/12/27/news4.html.

4. Dean D. and Wallach D. 2001. Personal communication. Dean D. and Wallach D. 2001. Personal communication.

Cited by 38 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. TrustGlass: Human-Computer Trusted Paths with Augmented Reality Smart Glasses;2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2023-11-01

2. Pen-Drive Based Password Management System for Online Accounts;Advances in Intelligent Systems and Computing;2018-12-12

3. Invalid certificates in modern browsers: A socio-technical analysis;Journal of Computer Security;2018-07-10

4. Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers;Proceedings on Privacy Enhancing Technologies;2018-02-20

5. Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing;Security and Communication Networks;2017