Puppetnets-Reference-Cited by-同舟云学术

Puppetnets

Published:2008-12 Issue:2 Volume:12 Page:1-38
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Antonatos Spiros¹,Akritidis Periklis²,Lam Vinh The³,Anagnostakis Kostas G.⁴

Affiliation:

1. FORTH-ICS

2. Cambridge University

3. University of California

4. Institute for Infocomm Research (I2R)

Abstract

Most of the recent work on Web security focuses on preventing attacks that directly harm the browser’s host machine and user. In this paper we attempt to quantify the threat of browsers being indirectly misused for attacking third parties. Specifically, we look at how the existing Web infrastructure (e.g., the languages, protocols, and security policies) can be exploited by malicious or subverted Web sites to remotely instruct browsers to orchestrate actions including denial of service attacks, worm propagation, and reconnaissance scans. We show that attackers are able to create powerful botnet-like infrastructures that can cause significant damage. We explore the effectiveness of countermeasures including anomaly detection and more fine-grained browser security policies.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/1455518.1477941

Reference69 articles.

1. ABC Electronic. 2006. ABCE Database. http://www.abce.org.uk/cgi-bin/gen5?runprog=abce/abce&noc=y. ABC Electronic. 2006. ABCE Database. http://www.abce.org.uk/cgi-bin/gen5?runprog=abce/abce&noc=y.

2. Alcorn W. 2005. The cross-site scripting virus. http://www.bindshell.net/papers/xssv/xssv.html. Alcorn W. 2005. The cross-site scripting virus. http://www.bindshell.net/papers/xssv/xssv.html.

3. Alexa Internet Inc. 2006. Global top 500. http://www.alexa.com/site/ds/top_500. Alexa Internet Inc. 2006. Global top 500. http://www.alexa.com/site/ds/top_500.

4. Andersen S. and Abella V. 2004. Changes to functionality in Microsoft Windows XP Service Pack 2 Part 2: Network Protection Technologies. Microsoft TechNet. http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx. Andersen S. and Abella V. 2004. Changes to functionality in Microsoft Windows XP Service Pack 2 Part 2: Network Protection Technologies. Microsoft TechNet. http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx.

5. Anonymous. 2004. About the Alexa Toolbar and traffic monitoring service: How accurate is Alexa? http://www.mediacollege.com/internet/utilities/alexa/. Anonymous. 2004. About the Alexa Toolbar and traffic monitoring service: How accurate is Alexa? http://www.mediacollege.com/internet/utilities/alexa/.

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Local Storage on Steroids: Abusing Web Browsers for Hidden Content Storage and Distribution;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2018

2. When Your Browser Becomes the Paper Boy;ICT Systems Security and Privacy Protection;2018

3. Why Web Servers Should Fear Their Clients;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2015

4. Cross-Site Framing Attacks;Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015;2015

5. DNSSEC for cyber forensics;EURASIP Journal on Information Security;2014-10-22