Last modified: 08/27/03 11:56:54 AM
E. Ye, S.W. Smith.
"Trusted Paths for Browsers."
11th Usenix Security Symposium.
Computer security protocols usually terminate in a computer;
however, the human-based services they support
usually terminate in a human. The gap between the human
and the computer creates potential for security problems.
This paper examines this gap, as it is manifested in "secure"
Web services. Felten et al. demonstrated the potential,
in 1996, for malicious servers to impersonate honest
servers. Our recent follow-up work explicitly shows how
malicious servers can still do this, and can also forge the
existence of an SSL session and the contents of the alleged
server certificate. This paper reports the results of
our ongoing experimental work to systematically defend
against Web spoofing, by creating a trusted path from the
browser to the human user.
Tarballs, and demo
Ye Yuan Smith 2002