Wednesday 24 October 2012

