H. Takahashi, Kenji Yasunaga, M. Mambo, Kwangjo Kim, H. Youm
{"title":"防止滥用Cookies被盗的XSS","authors":"H. Takahashi, Kenji Yasunaga, M. Mambo, Kwangjo Kim, H. Youm","doi":"10.1109/ASIAJCIS.2013.20","DOIUrl":null,"url":null,"abstract":"Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks out personal information from victims' computers. An adversary can easily get victim's cookies by the XSS attack. If the adversary cannot use the stolen cookies to impersonate the victim, stealing cookie has no meaning. Therefore, we propose a method to prohibit the abuse of stolen cookies in order to make it ineffective to steal cookies through the XXS attack. The proposed method uses one-time password and challenge-response authentication to identify whether a person is a valid owner of the cookie or not.","PeriodicalId":286298,"journal":{"name":"2013 Eighth Asia Joint Conference on Information Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Preventing Abuse of Cookies Stolen by XSS\",\"authors\":\"H. Takahashi, Kenji Yasunaga, M. Mambo, Kwangjo Kim, H. Youm\",\"doi\":\"10.1109/ASIAJCIS.2013.20\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks out personal information from victims' computers. An adversary can easily get victim's cookies by the XSS attack. If the adversary cannot use the stolen cookies to impersonate the victim, stealing cookie has no meaning. Therefore, we propose a method to prohibit the abuse of stolen cookies in order to make it ineffective to steal cookies through the XXS attack. The proposed method uses one-time password and challenge-response authentication to identify whether a person is a valid owner of the cookie or not.\",\"PeriodicalId\":286298,\"journal\":{\"name\":\"2013 Eighth Asia Joint Conference on Information Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Eighth Asia Joint Conference on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ASIAJCIS.2013.20\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Eighth Asia Joint Conference on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASIAJCIS.2013.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks out personal information from victims' computers. An adversary can easily get victim's cookies by the XSS attack. If the adversary cannot use the stolen cookies to impersonate the victim, stealing cookie has no meaning. Therefore, we propose a method to prohibit the abuse of stolen cookies in order to make it ineffective to steal cookies through the XXS attack. The proposed method uses one-time password and challenge-response authentication to identify whether a person is a valid owner of the cookie or not.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
