Papers
www.cs.dartmouth.edu/~sws/abstracts/ys02.shtml
Last modified: Wednesday, 27-Aug-2003 11:56:54 EDT

E. Ye, S.W. Smith.
``Trusted Paths for Browsers.''
11th Usenix Security Symposium. August 2002

Abstract

Computer security protocols usually terminate in a computer; however, the human-based services they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. This paper examines this gap, as it is manifested in "secure" Web services. Felten et al demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this-and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our ongoing experimental work to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user.

Download

PDF

Tarballs, and demo

See Also

Ye thesis

Ye Yuan Smith 2002

Spoofing demo

Back to home page Maintained by Sean Smith, sws@cs.dartmouth.edu