{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T20:44:22Z","timestamp":1776113062394,"version":"3.50.1"},"reference-count":39,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2005,5]]},"abstract":"<jats:p>\n            Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. In this paper, we show how malicious servers can still do this---and can also forge the existence of an SSL session and the contents of the alleged server certificate. We then consider how to systematically\n            <jats:italic>defend<\/jats:italic>\n            against Web spoofing, by creating a\n            <jats:italic>trusted path<\/jats:italic>\n            from the browser to the human user. 
We present potential designs, propose a new one, prototype it in open-source Mozilla, and demonstrate its effectiveness via user studies.\n          <\/jats:p>","DOI":"10.1145\/1065545.1065546","type":"journal-article","created":{"date-parts":[[2005,8,3]],"date-time":"2005-08-03T08:30:55Z","timestamp":1123057855000},"page":"153-186","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":53,"title":["Trusted paths for browsers"],"prefix":"10.1145","volume":"8","author":[{"given":"Zishuang (Eileen)","family":"Ye","sequence":"first","affiliation":[{"name":"Dartmouth College, Hanover, NH"}]},{"given":"Sean","family":"Smith","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, NH"}]},{"given":"Denise","family":"Anthony","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, NH"}]}],"member":"320","published-online":{"date-parts":[[2005,5]]},"reference":[
{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 2nd Workshop on Privacy Enhancing Technologies","author":"Alsaid A.","unstructured":"Alsaid, A. and Marti, D. 2002. Detecting web bugs with bugnosis: Privacy advocacy through education. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA. Springer-Verlag, Berlin."},
{"key":"e_1_2_1_2_1","unstructured":"ArticSoft Limited. 2000. WebAssurity. Online resource. http:\/\/www.articsoft.com\/webassurity.htm."},
{"key":"e_1_2_1_3_1","first-page":"16","article-title":"Making something look hacked when it isn't","volume":"21","author":"Barbalac R.","year":"2000","unstructured":"Barbalac, R. 2000. Making something look hacked when it isn't. The Risks Digest 21, 16 (Dec.).","journal-title":"The Risks Digest"},
{"key":"e_1_2_1_4_1","unstructured":"Bonisteel, S. 2001. Microsoft browser slips up on SSL certificates. Online resource. http:\/\/www.computeruser.com\/news\/01\/12\/27\/news4.html."},
{"key":"e_1_2_1_5_1","unstructured":"Dean, D. and Wallach, D. 2001. Personal communication."},
{"key":"e_1_2_1_6_1","unstructured":"Department of Defense. 1985. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD."},
{"key":"e_1_2_1_7_1","unstructured":"Dix, A., Finlay, J., Abowd, G., and Beale, R. 1997. Human-Computer Interaction, 2nd ed. Prentice Hall, Englewood Cliffs, NJ."},
{"key":"e_1_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Ellison, C. 1999. The nature of a usable PKI. Computer Networks 31.","DOI":"10.1016\/S1389-1286(98)00018-8"},
{"key":"e_1_2_1_9_1","unstructured":"Ellison, C. 2000. Personal communication."},
{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Ellison, C., Hall, C., Milbert, R., and Schneier, B. 2000. Protecting secret keys with personal entropy. Future Generation Computer Systems 16. 10.1016\/S0167-739X(99)00055-2","DOI":"10.1016\/S0167-739X(99)00055-2"},
{"key":"e_1_2_1_11_1","volume-title":"The 20th National Information Systems Security Conference","author":"Felten E.","unstructured":"Felten, E., Balfanz, D., Dean, D., and Wallach, D. 1997. Web spoofing: An internet con game. In The 20th National Information Systems Security Conference, Baltimore, MD."},
{"key":"e_1_2_1_12_1","unstructured":"Fogg, B., Soohoo, C., Danielson, D., Marable, L., Stanford, J., and Tauber, E. 2002. How do People Evaluate a Web Site's Credibility? Results from a Large Study. Tech. Rep. Consumer WebWatch\/Stanford Persuasive Technology Lab."},
{"key":"e_1_2_1_13_1","volume-title":"ACM\/CHI2002 Conference on Human Factors and Computing Systems","author":"Friedman B.","unstructured":"Friedman, B., Hurley, D., Howe, D., Felten, E., and Nissenbaum, H. 2003. User's conceptions of web security: A comparative study. In ACM\/CHI2002 Conference on Human Factors and Computing Systems, Minneapolis, MN. Extended abstracts. 10.1145\/506443.506577"},
{"key":"e_1_2_1_14_1","unstructured":"GeoTrust Inc. 2003. True site: Identity assurance for Web sites. Online resource. http:\/\/www.geotrust.com\/true_site\/index.htm."},
{"key":"e_1_2_1_15_1","unstructured":"Herzberg, A. and Gbara, A. 2004. Protecting (even) naive Web users or: preventing spoofing and establishing credentials of Web sites. Draft."},
{"key":"e_1_2_1_16_1","volume-title":"the 17th ACSA\/ACM Computer Security Applications Conference","author":"Jiang S.","unstructured":"Jiang, S., Smith, S., and Minami, K. 2001. Securing Web servers against insider attack. In the 17th ACSA\/ACM Computer Security Applications Conference, New Orleans, LA."},
{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Kain, K., Smith, S., and Asokan, R. 2002. Digital signatures and electronic documents: A cautionary tale. In Advanced Communications and Multimedia Security. Kluwer Academic, Norwell, MA.","DOI":"10.1007\/978-0-387-35612-9_22"},
{"key":"e_1_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Lefranc, S. and Naccache, D. 2003. Cut-&-paste attacks with JAVA. In Information Security and Cryptology---ICISC 2002. LNCS 2587, Springer-Verlag, Berlin.","DOI":"10.1007\/3-540-36552-4_1"},
{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 2nd Annual PKI Research Workshop","author":"Marchesini J.","unstructured":"Marchesini, J., Smith, S., and Zhao, M. 2003. Keyjacking: Risks of the current client-side infrastructure. In Proceedings of the 2nd Annual PKI Research Workshop, Gaithersburg, MD."},
{"key":"e_1_2_1_20_1","unstructured":"Maremont, M. 1999. Extra! extra!: Internet hoax get the details. The Wall Street Journal."},
{"key":"e_1_2_1_21_1","volume-title":"the","author":"Mozilla Organization","year":"2001","unstructured":"Mozilla Organization, the. 2001. Gecko DOM reference. Online resource. http:\/\/www.mozilla.org\/docs\/dom\/domref\/dom_window_ref.html."},
{"key":"e_1_2_1_22_1","unstructured":"Norman, E. 2002. Personal communication."},
{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the National Information Systems Security Conference.","author":"Paoli F. D.","unstructured":"Paoli, F. D., DosSantos, A., and Kemmerer, R. 1997. Vulnerability of \u2018secure\u2019 web browsers. In Proceedings of the National Information Systems Security Conference."},
{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce.","author":"Perrig A.","unstructured":"Perrig, A. and Song, D. 1999. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce."},
{"key":"e_1_2_1_25_1","volume-title":"SSL and TLS: Designing and building secure systems","author":"Rescorla E.","unstructured":"Rescorla, E. 2001. SSL and TLS: Designing and building secure systems. Addison Wesley, Reading, MA."},
{"key":"e_1_2_1_26_1","unstructured":"Rome, J. 1995. Compartmented mode workstations. Online resource. http:\/\/www.ornl.gov\/~jar\/doecmw.pdf."},
{"key":"e_1_2_1_27_1","unstructured":"Secunia. 2004. Mozilla\/Mozilla Firefox user interface spoofing vulnerability. Secunia Advisory SA12188. http:\/\/secunia.com\/advisories\/12188\/."},
{"key":"e_1_2_1_28_1","unstructured":"Secure Software Inc. EGADS homepage. Online resource. http:\/\/www.securesoftware.com\/download_form_egads.htm."},
{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Smith, S. 2001. WebALPS: A survey of e-commerce privacy and security applications. ACM SIGecom Exchanges 2.3. 10.1145\/844324.844329","DOI":"10.1145\/844324.844329"},
{"key":"e_1_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Smith, S. and Safford, D. 2001. Practical server privacy using secure coprocessors. IBM Systems Journal 40. 10.1147\/sj.403.0683","DOI":"10.1147\/sj.403.0683"},
{"key":"e_1_2_1_32_1","unstructured":"Sullivan, B. 2000. Scam artist copies PayPal Web site. The page expired but related discussion exists at http:\/\/www.landfield.com\/isn\/mail-archive\/2000\/Jul\/0100.html."},
{"key":"e_1_2_1_33_1","volume-title":"ACM\/CHI2003 Workshop on Human-Computer Interaction and Security Systems","author":"Turner C.","year":"2003","unstructured":"Turner, C. 2003. How do consumers form their judgments of the security of e-commerce web sites? In ACM\/CHI2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, FL. http:\/\/www.andrewpatrick.ca\/CHI2003\/HCISEC\/index.html."},
{"key":"e_1_2_1_34_1","volume-title":"Proceeding of the 2nd USENIX Workshop on Electronic Commerce.","author":"Tygar J.","unstructured":"Tygar, J. and Whitten, A. 1996. WWW electronic commerce and Java trojan horses. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce."},
{"key":"e_1_2_1_35_1","unstructured":"United States Securities and Exchange Commission. 1999. Litigation release no. 16266. Online resource. http:\/\/www.sec.gov\/litigation\/litreleases\/lr16266.htm."},
{"key":"e_1_2_1_36_1","unstructured":"Weiser, R. 2001. Personal communication."},
{"key":"e_1_2_1_37_1","volume-title":"Proceeding of the 8th USENIX Security Symposium (Washington D.C.).","author":"Whitten A.","unstructured":"Whitten, A. and Tygar, J. 1999. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, Washington, D.C."},
{"key":"e_1_2_1_39_1","volume-title":"Proceeding of the 11th USENIX Security Symposium","author":"Ye Z.","unstructured":"Ye, Z. and Smith, S. 2002. Trusted paths for browsers. In Proceedings of the 11th USENIX Security Symposium, San Francisco, CA."},
{"key":"e_1_2_1_40_1","volume-title":"Tech. Rep. Department of Computer Science","author":"Ye Z.","year":"2002","unstructured":"Ye, Z., Yuan, Y., and Smith, S. 2002. Web Spoofing Revisited: SSL and Beyond. Tech. Rep. TR2002-417, Department of Computer Science, Dartmouth College."},
{"key":"e_1_2_1_41_1","volume-title":"Proceedings of the 4th International Conference on Information and Communications Security","author":"Yee K.","year":"2002","unstructured":"Yee, K. 2002. User interaction design for secure systems. In Proceedings of the 4th International Conference on Information and Communications Security, Singapore."}
],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1065545.1065546","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T15:54:40Z","timestamp":1672242880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1065545.1065546"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,5]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2005,5]]}},"alternative-id":["10.1145\/1065545.1065546"],"URL":"https:\/\/doi.org\/10.1145\/1065545.1065546","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,5]]},"assertion":[{"value":"2005-05-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}