Lightweight server support for browser-based CSRF protection

Authors: Alexei Czeskis, Alexander Moshchuk, Tadayoshi Kohno, Helen J. Wang

DOI: 10.1145/2488388.2488413

Abstract: … new CSRF defense that is (1) developer-friendly, (2) backward compatible (not blocking legitimate content), and (3) has complete coverage (defending against all CSRF … against CSRF …
