Theses

http://www.cs.dartmouth.edu/~sws/abstracts/ye.shtml     Last modified: 08/27/03 04:10:01 PM

Eileen Zishuang Ye.
Building Trusted Paths for Web Browsers. Technical Report TR2002-430, Dept of Computer Science, Dartmouth College.
May 2002.

Master's thesis; advisor: S.W. Smith.

Abstract

The communication between the Web browser and the human user is one component of the server-client channel. It is not the user but the browser that receives all server information and establishes the secure connection. The browser's user interface signals, such as SSL lock, https protocol header et al., indicate whether the browser-server communication at the current moment is secure. Those user interface signals indicating the security status of browser should be clearly and correctly understood by the user.

A survey of modern Web browsers shows the information provided by current browsers is insufficient for users to make trust judgment. Our Web spoofing work further proved that the browser status information is not reliable either.

We discuss the criteria for and how to build the trusted paths between a browser and a human user. We present an open source implementation of one of the designs--synchronized random dynamic (SRD) boundary, based on Modified Mozilla source code, together with its usability study results.

Download

(pdf)

See Also

Ye Smith 2002

Ye Yuan Smith 2002


Back to home page Maintained by Sean Smith, sws@cs.dartmouth.edu