Knittel et al., 2021 - Google Patents
XSinator.com: From a formal model to the automatic evaluation of cross-site leaks in web browsers
Knittel et al., 2021
- Document ID
- 16763973379484057822
- Author
- Knittel L
- Mainka C
- Niemietz M
- Noß D
- Schwenk J
- Publication year
- Publication venue
- Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Snippet
Cross-Site Leaks (XS-Leaks) describe a client-side bug that allows an attacker to collect side-channel information from a cross-origin HTTP resource. They are a significant threat to Internet privacy since simply visiting a web page may reveal if the victim is a drug addict or …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Sanchez-Rola et al. | Extension breakdown: Security analysis of browsers extension resources control policies | |
Bianchi et al. | What the app is that? deception and countermeasures in the android user interface | |
Andrews et al. | How to break web software: Functional and security testing of web applications and web services | |
Lekies et al. | The Unexpected Dangers of Dynamic JavaScript | |
Stock et al. | Protecting users against xss-based password manager abuse | |
Knittel et al. | XSinator.com: From a formal model to the automatic evaluation of cross-site leaks in web browsers | |
Blankstein et al. | Automating isolation and least privilege in web services | |
Eriksson et al. | Hardening the security analysis of browser extensions | |
Heiderich | Towards elimination of xss attacks with a trusted and capability controlled dom | |
Shahriar et al. | Proclick: a framework for testing clickjacking attacks in web applications | |
Toreini et al. | DOMtegrity: ensuring web page integrity against malicious browser extensions | |
Van Acker et al. | Password meters and generators on the web: From large-scale empirical study to getting it right | |
Gupta et al. | Evaluation and monitoring of XSS defensive solutions: a survey, open research issues and future directions | |
Bui et al. | Xss vulnerabilities in cloud-application add-ons | |
Onarlioglu et al. | Sentinel: Securing legacy firefox extensions | |
Tao et al. | Opening a Pandora's box: things you should know in the era of custom GPTs | |
Kim et al. | Extending a hand to attackers: browser privilege escalation attacks via extensions | |
Sierra et al. | Defending your android app | |
Saini et al. | Colluding browser extension attack on user privacy and its implication for web browsers | |
Saini et al. | The darker side of firefox extension | |
Musch et al. | Server-Side Browsers: Exploring the Web's Hidden Attack Surface | |
Golubovic | Attacking browser extensions | |
Agarwal et al. | First, Do No Harm: Studying the manipulation of security headers in browser extensions | |
Sentana et al. | An empirical analysis of security and privacy risks in android cryptocurrency wallet apps | |
Guan et al. | DangerNeighbor attack: Information leakage via postMessage mechanism in HTML5 |