We present practical off-path TCP injection attacks for connections between current, nonbuggy browsers and Web servers. The attacks allow Web-cache poisoning with malicious objects such as spoofed Web pages and scripts; these objects can be...
A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most...
Cross-Domain Password-Based Authenticated Key Exchange Revisited
Liqun Chen, Hoon Wei Lim, Guomin Yang
Article No.: 15
We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key...
An Anti-Phishing System Employing Diffused Information
Teh-Chung Chen, Torin Stepan, Scott Dick, James Miller
Article No.: 16
The phishing scam and its variants are estimated to cost victims billions of dollars per year. Researchers have responded with a number of anti-phishing systems, based either on blacklists or on heuristics. The former cannot cope with the churn of...
Sophisticated Access Control via SMT and Logical Frameworks
Konstantine Arkoudas, Ritu Chadha, Jason Chiang
Article No.: 17
We introduce a new methodology for formulating, analyzing, and applying access-control policies. Policies are expressed as formal theories in the SMT (satisfiability-modulo-theories) subset of typed first-order logic, and represented in a...