The rich nature of modern Web services and the emerging "mash-up" programming model make it difficult to predict the potential interactions and usage scenarios that can emerge. Moreover, while the potential security implications for individual client browsers have been widely internalized (e.g., XSS, CSRF), there is less appreciation of the risks posed in the other direction: user abuse of Web service providers. In particular, we argue that Web services and pieces of services can be easily combined to create entirely new capabilities that may themselves be at odds with the security policies that providers (or the Internet community at large) desire to enforce. As a proof of concept, we demonstrate a fully functioning Web proxy service called CloudProxy. Constructed entirely out of pieces of unrelated Google and Facebook functionality, CloudProxy effectively launders a user's connection through these providers' resources.