Security '02 Abstract
Trusted Paths for Browsers
Zishuang (Eileen) Ye and Sean Smith, Department of Computer Science
Computer security protocols usually terminate in a computer; however, the human-based services they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. This paper examines this gap, as it is manifested in "secure" Web services. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our ongoing experimental work to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.