Proceedings of the 7th ACM conference on Computer and communications security
Organization-based analysis of web-object sharing and caching
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
Exposing private information by timing web applications
Proceedings of the 16th international conference on World Wide Web
Measuring privacy loss and the impact of privacy protection in web browsing
Proceedings of the 3rd symposium on Usable privacy and security
Proceedings of the 2007 ACM workshop on Privacy in electronic society
An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism
Proceedings of the 14th ACM conference on Computer and communications security
Protecting browsers from dns rebinding attacks
Proceedings of the 14th ACM conference on Computer and communications security
ACM SIGACT News
MashupOS: operating system abstractions for client mashups
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Protecting the Intranet Against "JavaScript Malware" and Related Attacks
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
Dynamic service integration using web-based workflows
Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services
Privacy diffusion on the web: a longitudinal perspective
Proceedings of the 18th international conference on World wide web
Characterizing insecure javascript practices on the web
Proceedings of the 18th international conference on World wide web
RequestPolicy: Increasing Web Browsing Privacy through Control of Cross-Site Requests
PETS '09 Proceedings of the 9th International Symposium on Privacy Enhancing Technologies
Proceedings of the 16th ACM conference on Computer and communications security
Adaptive Rich User Interfaces for Human Interaction in Business Processes
WISE '09 Proceedings of the 10th International Conference on Web Information Systems Engineering
Injecting trust to cryptographic key management
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 2
Reining in the web with content security policy
Proceedings of the 19th international conference on World wide web
An architecture for enforcing end-to-end access control over web applications
Proceedings of the 15th ACM symposium on Access control models and technologies
An automatic HTTP cookie management system
Computer Networks: The International Journal of Computer and Telecommunications Networking
Leveraging legacy code to deploy desktop applications on the web
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
An empirical study of privacy-violating information flows in JavaScript web applications
Proceedings of the 17th ACM conference on Computer and communications security
Protecting browsers from cross-origin CSS attacks
Proceedings of the 17th ACM conference on Computer and communications security
Web browser history detection as a real-world privacy threat
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
An analysis of private browsing modes in modern browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
An investigation of hotlinking and its countermeasures
Computer Communications
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
Contego: capability-based access control for web browsers
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Mitigating cross-site form history spamming attacks with domain-based ranking
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Re-designing the web's access control system
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
App isolation: get the security of multiple browsers with just one
Proceedings of the 18th ACM conference on Computer and communications security
Traffic properties, client side cachability and CDN usage of popular web sites
MMB&DFT'10 Proceedings of the 15th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance
From toys to products: a step towards supporting the robust reuse and integration on the web
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Detecting and defending against third-party tracking on the web
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
SCUTA: a server-side access control system for web applications
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Review: A survey on solutions and main free tools for privacy enhancing Web communications
Journal of Network and Computer Applications
Privacy-preserving social plugins
Security'12 Proceedings of the 21st USENIX conference on Security symposium
On the fragility and limitations of current browser-provided clickjacking protection schemes
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Scriptless attacks: stealing the pie without touching the sill
Proceedings of the 2012 ACM conference on Computer and communications security
Blog or block: Detecting blog bots through behavioral biometrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
A measurement study of insecure javascript practices on the web
ACM Transactions on the Web (TWEB)
Securing web-clients with instrumented code and dynamic runtime monitoring
Journal of Systems and Software
Proceedings of the 22nd international conference on World Wide Web
Cross-origin pixel stealing: timing attacks using CSS filters
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
FireDrill: interactive DNS rebinding
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Flow stealing: A well-timed redirection attack
Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on a per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and implementing two browser extensions that enforce this policy on the browser cache and visited links. We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks are an unavoidable consequence of all persistent browser state that affects the behavior of the browser, and disabling or frequently expiring this state is the only way to achieve true privacy against colluding parties.