Adam Barth

Bibliometrics: publication history
Average citations per article: 30.35
Citation Count: 789
Publication count: 26
Publication years: 2004-2012
Available for download: 12
Average downloads per article: 7,143.50
Downloads (cumulative): 85,722
Downloads (12 Months): 5,284
Downloads (6 Weeks): 404
26 results found

Result 1 – 20 of 26

1
July 2012 IEEE Transactions on Dependable and Secure Computing: Volume 9 Issue 4, July 2012
Publisher: IEEE Computer Society Press
Bibliometrics:
Citation Count: 1

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security ...
Keywords: Reactive security, risk management, attack graphs, online learning, adversarial learning, game theory.

2 published by ACM
October 2011 CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
Publisher: ACM
Bibliometrics:
Citation Count: 14
Downloads (6 Weeks): 2,   Downloads (12 Months): 23,   Downloads (Overall): 633

Full text available: PDF
Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. We combine these concepts into a ...
Keywords: cross-site scripting, security modeling, web browser architecture, cross-site request forgery, isolation, web application security

3
August 2011 HotSec'11: Proceedings of the 6th USENIX conference on Hot topics in security
Publisher: USENIX Association
Bibliometrics:
Citation Count: 7

With the proliferation of content rich web applications, content injection has become an increasing problem. Cross site scripting is the most prominent example of this. Many systems have been designed to mitigate content injection and cross site scripting. Notable examples are BEEP, BLUEPRINT, and Content Security Policy, which can be ...

4
July 2010 CSF '10: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Publisher: IEEE Computer Society
Bibliometrics:
Citation Count: 48

We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample web mechanisms and applications. We identify three distinct threat models that can be used to analyze web applications, ranging from a web attacker ...

5 published by ACM
April 2010 WWW '10: Proceedings of the 19th international conference on World wide web
Publisher: ACM
Bibliometrics:
Citation Count: 52
Downloads (6 Weeks): 6,   Downloads (12 Months): 91,   Downloads (Overall): 1,168

Full text available: PDF, Prc, ePub
Cross-site scripting flaws have now surpassed buffer overflows as the world's most common publicly-reported security vulnerability. In recent years, browser vendors and researchers have tried to develop client-side filters to mitigate these attacks. We analyze the best existing filters and find them to be either unacceptably slow or easily circumvented. ...
Keywords: XSS, cross-site scripting, filter, browser, web

6
January 2010 FC'10: Proceedings of the 14th international conference on Financial Cryptography and Data Security
Publisher: Springer-Verlag
Bibliometrics:
Citation Count: 4

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security ...

7
August 2009 SSYM'09: Proceedings of the 18th conference on USENIX security symposium
Publisher: USENIX Association
Bibliometrics:
Citation Count: 16

We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the "points-to" relation of the JavaScript heap. Our algorithm finds a number ...

8
August 2009 WOOT'09: Proceedings of the 3rd USENIX conference on Offensive technologies
Publisher: USENIX Association
Bibliometrics:
Citation Count: 7

A number of commercial cloud-based password managers use bookmarklets to automatically populate and submit login forms. Unfortunately, an attacker web site can maliciously alter the JavaScript environment and, when the login bookmarklet is invoked, steal the user's passwords. We describe general attack techniques for altering a bookmarklet's JavaScript environment and ...

9 published by ACM
August 2009 Communications of the ACM - A Blind Person's Interaction with Technology: Volume 52 Issue 8, August 2009
Publisher: ACM
Bibliometrics:
Citation Count: 8
Downloads (6 Weeks): 143,   Downloads (12 Months): 3,113,   Downloads (Overall): 14,544

Full text available: Html, PDF
To shield the browser from attacks, Google Chrome developers eyed three key problems.

10 published by ACM
June 2009 Communications of the ACM - One Laptop Per Child: Vision vs. Reality: Volume 52 Issue 6, June 2009
Publisher: ACM
Bibliometrics:
Citation Count: 21
Downloads (6 Weeks): 4,   Downloads (12 Months): 46,   Downloads (Overall): 1,352

Full text available: Html, PDF
Many Web sites embed third-party content in frames, relying on the browser's security policy to protect against malicious content. However, frames provide insufficient isolation in browsers that let framed content navigate other frames. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source ...

11 published by ACM
June 2009 Queue - Distributed Computing: Volume 7 Issue 5, June 2009
Publisher: ACM
Bibliometrics:
Citation Count: 3
Downloads (6 Weeks): 191,   Downloads (12 Months): 1,434,   Downloads (Overall): 55,217

Full text available: Html, PDF
Google Chrome developers focused on three key problems to shield the browser from attacks.

12
May 2009 SP '09: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Publisher: IEEE Computer Society
Bibliometrics:
Citation Count: 24

Cross-site scripting defenses often focus on HTML documents, neglecting attacks involving the browser's content-sniffing algorithm, which can treat non-HTML content as HTML. Web applications, such as the one that manages this conference, must defend themselves against these attacks or risk authors uploading malicious papers that automatically submit stellar self-reviews. In this paper, ...
Keywords: Web, Security, Cross-Site Scripting, Content-Sniffing, MIME

13 published by ACM
January 2009 ACM Transactions on the Web (TWEB): Volume 3 Issue 1, January 2009
Publisher: ACM
Bibliometrics:
Citation Count: 9
Downloads (6 Weeks): 2,   Downloads (12 Months): 102,   Downloads (Overall): 3,305

Full text available: PDF
DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam email, and defraud pay-per-click advertisers. We evaluate the cost effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than ...
Keywords: Same-origin policy, spam, DNS, click fraud, firewall

14 published by ACM
October 2008 CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
Publisher: ACM
Bibliometrics:
Citation Count: 110
Downloads (6 Weeks): 19,   Downloads (12 Months): 198,   Downloads (Overall): 2,660

Full text available: PDF
Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. In this paper, we present a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of ...
Keywords: cross-site request forgery, http referer header, same-origin policy, web application firewall

15
July 2008 SS'08: Proceedings of the 17th conference on Security symposium
Publisher: USENIX Association
Bibliometrics:
Citation Count: 30

Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient isolation primitives because most browsers let framed content manipulate other frames through navigation. We evaluate existing frame navigation policies and advocate a stricter policy, which ...

16 published by ACM
April 2008 WWW '08: Proceedings of the 17th international conference on World Wide Web
Publisher: ACM
Bibliometrics:
Citation Count: 28
Downloads (6 Weeks): 8,   Downloads (12 Months): 51,   Downloads (Overall): 1,066

Full text available: PDF
As wireless networks proliferate, web browsers operate in an increasingly hostile network environment. The HTTPS protocol has the potential to protect web users from network attackers, but real-world deployments must cope with misconfigured servers, causing imperfect web sites and users to compromise browsing sessions inadvertently. ForceHTTPS is a simple browser ...
Keywords: HTTPS, eavesdropping, pharming, same-origin policy

17
January 2008
Bibliometrics:
Citation Count: 0

Organizations, such as hospitals and financial institutions, that use privacy-sensitive information face the challenge of complying with privacy regulations and their own privacy policies. These regulations and policies are often written in natural language (or legalese), making it difficult for information systems to aid in assuring compliance. In this thesis, ...

18 published by ACM
October 2007 CCS '07: Proceedings of the 14th ACM conference on Computer and communications security
Publisher: ACM
Bibliometrics:
Citation Count: 32
Downloads (6 Weeks): 1,   Downloads (12 Months): 7,   Downloads (Overall): 1,099

Full text available: PDF
DNS rebinding attacks subvert the same-origin policy of browsers and convert them into open network proxies. We survey new DNS rebinding attacks that exploit the interaction between browsers and their plug-ins, such as Flash and Java. These attacks can be used to circumvent firewalls and are highly cost-effective for sending ...
Keywords: click fraud, dns, firewall, same-origin policy, spam

19
July 2007 CSF '07: Proceedings of the 20th IEEE Computer Security Foundations Symposium
Publisher: IEEE Computer Society
Bibliometrics:
Citation Count: 28

We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles ...

20
February 2007 FC'07/USEC'07: Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Publisher: Springer-Verlag
Bibliometrics:
Citation Count: 37

In this usability study of phishing attacks and browser antiphishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that appear only at legitimate sites and the effect of ...



The ACM Digital Library is published by the Association for Computing Machinery. Copyright © 2018 ACM, Inc.