Sub-session hijacking on the web: Root causes and prevention

Authors: Stefano Calzavara, Alvise Rabitti, Michele Bugliesi

DOI: 10.3233/JCS-181149

Keywords: World Wide Web, Session hijacking, Computer science, Root (linguistics)

Abstract:

References (23)
Alexei Czeskis, Michael Dietz, Dan S. Wallach, Dirk Balfanz, Origin-bound certificates: a fresh approach to strong client authentication for the web. USENIX Security Symposium, pp. 16-16 (2012)
Jinjin Liang, Haixin Duan, Shuo Chen, Nicholas Weaver, Tao Wan, Jian Jiang, Xiaofeng Zheng, Cookies lack integrity: real-world implications. USENIX Security Symposium, pp. 707-721 (2015)
Yves Younan, Wouter Joosen, Wannes Meert, Nick Nikiforakis, Martin Johns, SessionShield: lightweight protection against session hijacking. International Conference on Engineering Secure Software and Systems, vol. 6542, pp. 87-100 (2011), 10.5555/1946341.1946351
Michele Bugliesi, Stefano Calzavara, Riccardo Focardi, Wilayat Khan, Mauro Tempesta, Provably Sound Browser-Based Enforcement of Web Session Integrity. IEEE Computer Security Foundations Symposium, pp. 366-380 (2014), 10.1109/CSF.2014.33
Italo Dacosta, Saurabh Chakradeo, Mustaque Ahamad, Patrick Traynor, One-time cookies. ACM Transactions on Internet Technology, vol. 12, pp. 1-24 (2012), 10.1145/2220352.2220353
Michael Kranch, Joseph Bonneau, Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning. Network and Distributed System Security Symposium (2015), 10.14722/NDSS.2015.23162
Per A. Hallgren, Daniel T. Mauritzson, Andrei Sabelfeld, GlassTube. Proceedings of the Eighth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '13, pp. 71-82 (2013), 10.1145/2465106.2465432
Kapil Singh, Alexander Moshchuk, Helen J. Wang, Wenke Lee, On the Incoherencies in Web Browser Access Control Policies. IEEE Symposium on Security and Privacy, pp. 463-478 (2010), 10.1109/SP.2010.35
Adam Barth, Collin Jackson, John C. Mitchell, Robust defenses for cross-site request forgery. Proceedings of the 15th ACM Conference on Computer and Communications Security - CCS '08, pp. 75-88 (2008), 10.1145/1455770.1455782
Ben Adida, Sessionlock. Proceeding of the 17th International Conference on World Wide Web - WWW '08, pp. 517-524 (2008), 10.1145/1367497.1367568