{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T03:32:49Z","timestamp":1725593569189},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642223471"},{"type":"electronic","value":"9783642223488"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-22348-8_2","type":"book-chapter","created":{"date-parts":[[2011,6,28]],"date-time":"2011-06-28T17:59:57Z","timestamp":1309283997000},"page":"4-11","source":"Crossref","is-referenced-by-count":1,"title":["Re-designing the Web\u2019s Access Control System"],"prefix":"10.1007","author":[{"given":"Wenliang","family":"Du","sequence":"first","affiliation":[]},{"given":"Xi","family":"Tan","sequence":"additional","affiliation":[]},{"given":"Tongbo","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Karthick","family":"Jayaraman","sequence":"additional","affiliation":[]},{"given":"Zutao","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Caja, http:\/\/code.google.com\/p\/google-caja\/"},{"key":"2_CR2","unstructured":"Christey, S., Martin, R.A.: Vulnerability type distributions in cve (version 1.1). MITRE Corporation (2007), http:\/\/cwe.mitre.org\/documents\/vuln-trends\/index.html"},{"key":"2_CR3","unstructured":"Conover, M.: Analysis of the windows vista security model. Symantec Corporation (2007), http:\/\/www.symantec.com\/avcenter\/reference\/Windows_Vista_Security_Model_Analysis.pdf"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Symantec Corp. Symantec internet security threat report: Trends for july-december 2007 (executive summary). Page 1\u20132 (2008)","DOI":"10.1016\/S1353-4858(08)70023-0"},{"key":"2_CR5","unstructured":"Douglas Crockford. 
ADSafe, http:\/\/www.adsafe.org"},{"key":"2_CR6","unstructured":"Dalton, M., Kozyrakis, C., Zeldovich, N.: Nemesis: Preventing authentication & access control vulnerabilities in web applications. In: Proceedings of the Eighteenth Usenix Security Symposium (Usenix Security), Montreal, Canada (2009)"},{"key":"2_CR7","unstructured":"Grossman, J.: Cross-site scripting worms and viruses. The impending threat and the best defense, http:\/\/www.whitehatsec.com\/downloads\/WHXSSThreats.pdf"},{"key":"2_CR8","unstructured":"Hallyn, S.E., Morgan, A.G.: Linux capabilities: making them work (2008), http:\/\/ols.fedoraproject.org\/OLS\/Reprints-2008\/hallyn-reprint.pdf"},{"key":"2_CR9","unstructured":"Hansen, R.: XSS cheat sheet, http:\/\/ha.ckers.org\/xss.html"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Jackson, C., Bortz, A., Boneh, D., Mitchell, J.C.: Protecting browser state from web privacy attacks. In: WWW 2006 (2006)","DOI":"10.1145\/1135777.1135884"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Jayaraman, K., Du, W., Rajagopalan, B., Chapin, S.J.: Escudo: A fine-grained protection model for web browsers. In: Proceedings of the 30th International Conference on Distributed Computing Systems (ICDCS), Genoa, Italy, June 21-25 (2010)","DOI":"10.1109\/ICDCS.2010.71"},{"key":"2_CR12","unstructured":"Kamkar, S.: The samy worm story (2005), http:\/\/namb.la\/popular\/"},{"key":"2_CR13","unstructured":"Kamkar, S.: Technical explanation of the myspace worm (2005), http:\/\/namb.la\/popular\/tech.html"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: CCS 2007 (2007)","DOI":"10.1145\/1315245.1315254"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Livshits, B., Erlingsson, \u00da.: Using web application construction frameworks to protect against code injection attacks. 
In: PLAS 2007 (2007)","DOI":"10.1145\/1255329.1255346"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Luo, T., Du, W.: Contego: Capability-based access control for web browsers. In: Proceedings of the 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA (2011)","DOI":"10.1007\/978-3-642-21599-5_17"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, V.B.: Conscript: Specifying and enforcing fine-grained security policies for javascript in the browser. In: IEEE Symposium on Security and Privacy, pp. 481\u2013496 (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"2_CR18","unstructured":"National Security Agency. Security-Enhanced Linux, http:\/\/www.nsa.gov\/selinux\/"},{"key":"2_CR19","unstructured":"OWASP. The ten most critical web application security risks (2010), http:\/\/www.owasp.org\/index.php\/File:OWASP_T10_-_2010_rc1.pdf"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Parno, B., McCune, J.M., Wendlandt, D., Andersen, D.G., Perrig, A.: CLAMP: Practical prevention of large-scale data leaks. In: Proc. IEEE Symposium on Security and Privacy, Oakland, CA (May 2009)","DOI":"10.1109\/SP.2009.21"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Patil, K., Dong, X., Li, X., Liang, Z., Jiang, X.: Towards fine-grained access control in javascript contexts. In: Proceedings of the 31st International Conference on Distributed Computing Systems (ICDCS), Minneapolis, Minnesota, USA, June 20-24 (2011)","DOI":"10.1109\/ICDCS.2011.87"},{"key":"2_CR22","unstructured":"Solorzano, J.: The Lobo Project, http:\/\/lobobrowser.org\/"},{"key":"2_CR23","unstructured":"SUN Microsystems, Inc. White paper: Trusted Solaris 8 operating environment, http:\/\/www.sun.com\/software\/whitepapers\/wp-ts8\/ts8-wp.pdf"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Tan, X., Du, W., Luo, T., Soundararaj, K.: SCUTA: A server-side access control system for web applications. 
Syracuse University Technical Report (2011)","DOI":"10.1145\/2295136.2295152"},{"key":"2_CR25","unstructured":"Vance, A.: Times web ads show security breach, http:\/\/www.nytimes.com\/2009\/09\/15\/technology\/internet\/15adco.html"},{"key":"2_CR26","unstructured":"WhiteHat Security. Whitehat website security statistic report, 10th edn. (2010)"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Yip, A., Wang, X., Zeldovich, N., Kaashoek, M.F.: Improving application security with data flow assertions. In: Proceedings of the 22nd ACM Symposium on Operating Systems Principles, Big Sky, MT, October 11-14 (2009)","DOI":"10.1145\/1629575.1629604"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXV"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-22348-8_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T03:07:28Z","timestamp":1606187248000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-22348-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642223471","9783642223488"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-22348-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}