Papers     Last modified: 08/27/03 11:56:54 AM

E. Ye, S.W. Smith.
"Trusted Paths for Browsers."
11th Usenix Security Symposium. August 2002.


Computer security protocols usually terminate in a computer; however, the human-based services they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. This paper examines this gap, as it is manifested in "secure" Web services. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our ongoing experimental work to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user.



Tarballs, and demo

See Also

Ye thesis

Ye Yuan Smith 2002

Spoofing demo

Maintained by Sean Smith