Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing
This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla …
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three …
Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs (uid-setting system calls), such as setuid, are poorly designed, …
We analyze the space of security policies that can be enforced by monitoring programs at runtime. Our program monitors are automata that examine the sequence of program …
The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win …
eEye staffers Marc Maiffret and Riley Hassell were again busy finding bugs, so a new advisory hit the “streets” today. This time, there is a remote …
This contribution provides an overview of some of the security aspects of DSL-based corporate networks. With the expansion of the Internet and the increasing use of Internet …
SQL Server uses an undocumented function, pwdencrypt(), to produce a hash of the user’s password, which is stored in the sysxlogins table of the master database. This is …
Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the …
The paper is intended to be read by the portion of the security community responsible for creating protective mechanisms to guard against “shellcode” type security …
The events of recent years and especially of recent months have greatly increased awareness of information and infrastructure security, whether they are media reports of the …
This paper addresses the subject of SQL Injection in a Microsoft SQL Server/IIS/Active Server Pages environment, but most of the techniques discussed have equivalents in other …