Entry Gilad:2014:PTI from tissec.bib
Last update: Sun Oct 15 02:58:48 MDT 2017
BibTeX entry
@Article{Gilad:2014:PTI,
author = "Yossi Gilad and Amir Herzberg",
title = "Off-Path {TCP} Injection Attacks",
journal = j-TISSEC,
volume = "16",
number = "4",
pages = "13:1--13:??",
month = apr,
year = "2014",
CODEN = "ATISBQ",
DOI = "https://doi.org/10.1145/2597173",
ISSN = "1094-9224 (print), 1557-7406 (electronic)",
ISSN-L = "1094-9224",
bibdate = "Mon May 5 18:00:10 MDT 2014",
bibsource = "http://portal.acm.org/;
http://www.math.utah.edu/pub/tex/bib/tissec.bib",
abstract = "We present practical off-path TCP injection attacks
for connections between current, nonbuggy browsers and
Web servers. The attacks allow Web-cache poisoning with
malicious objects such as spoofed Web pages and
scripts; these objects can be cached for a long period
of time, exposing any user of that cache to cross-site
scripting, cross-site request forgery, and phishing
attacks. In contrast to previous TCP injection attacks,
we do not require MitM capabilities or malware running
on the client machine. Instead, our attacks rely on a
weaker assumption, that the user only enters a
malicious Web site, but does not download or install
any application. Our attacks exploit subtle details of
the TCP and HTTP specifications, and features of
legitimate (and very common) browser implementations.
An empirical evaluation of our techniques with current
versions of browsers shows that connections with most
popular Web sites are vulnerable. We conclude this work
with practical client- and server-end defenses against
our attacks.",
acknowledgement = ack-nhfb,
articleno = "13",
fjournal = "ACM Transactions on Information and System Security",
journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J789",
}
Related entries
- against,
2(3)230,
2(4)354,
2(4)416,
9(4)461,
10(3)11,
11(2)3,
11(3)13,
11(4)22,
12(3)18,
13(3)22,
13(3)28,
14(1)7,
14(1)13,
14(3)24,
15(1)3,
15(2)6,
15(2)8,
15(3)14,
16(1)1,
16(1)2,
16(2)8,
17(1)4,
17(2)7,
17(2)8,
18(1)2,
18(2)7
- allow,
2(4)390,
9(2)181,
10(3)10,
10(4)2,
10(4)3,
11(1)2,
11(2)2,
11(2)4,
12(1)3,
12(1)6,
12(2)8,
12(2)10,
12(3)16,
12(3)18,
12(3)19,
13(3)21,
13(4)34,
13(4)38,
13(4)39,
13(4)41,
14(1)3,
14(1)5,
14(1)10,
14(3)25,
14(3)26,
14(3)27,
14(4)28,
14(4)29,
15(2)6,
15(2)9,
15(2)10,
16(1)3,
16(2)5,
16(3)9,
16(4)17,
17(1)1,
17(2)5,
17(3)10,
17(3)11,
17(4)16,
18(3)10
- any,
1(1)66,
1(1)93,
2(4)390,
9(4)461,
10(3)10,
10(3)12,
10(4)1,
10(4)4,
11(2)4,
11(2)6,
11(3)13,
11(3)16,
11(4)20,
12(1)3,
12(1)5,
12(1)6,
12(2)8,
12(2)9,
12(2)10,
12(3)14,
12(3)18,
12(3)19,
12(4)20,
13(1)10,
13(3)28,
13(4)33,
13(4)39,
14(1)6,
14(1)8,
14(1)9,
14(4)32,
15(1)2,
15(2)9,
15(2)10,
15(4)17,
16(2)6,
16(2)7,
16(3)12,
16(4)15,
17(2)8,
17(3)9,
17(3)11,
18(1)1
- application,
1(1)66,
2(2)159,
2(2)177,
2(4)354,
4(2)103,
7(1)1,
7(1)97,
8(3)287,
9(1)1,
9(1)94,
10(1)2,
10(2)6,
10(4)3,
11(1)2,
11(1)3,
11(3)14,
11(3)16,
11(4)22,
12(1)2,
12(1)3,
12(2)11,
12(3)14,
12(4)21,
13(1)4,
13(1)10,
13(2)17,
13(3)22,
13(3)26,
13(4)38,
13(4)39,
14(1)2,
14(1)3,
14(1)6,
14(1)8,
14(1)9,
14(2)19,
14(3)27,
15(1)2,
15(1)4,
16(1)1,
16(1)2,
16(2)6,
16(3)9,
16(4)17,
17(2)5,
17(4)13,
18(3)10,
18(4)12
- assumption,
2(3)230,
2(3)332,
3(3)161,
9(2)181,
11(2)3,
11(2)6,
11(4)20,
12(1)1,
12(1)3,
12(2)9,
12(4)21,
13(4)38,
15(1)4,
15(3)12,
16(1)4,
16(2)5,
18(3)10
- browser,
2(3)332,
8(2)153,
12(2)12
- cache,
18(1)4
- capability,
10(1)4,
10(4)2,
11(1)3,
11(2)2,
11(3)14,
16(2)7,
17(2)7,
17(3)9,
17(3)10
- client,
2(3)230,
2(4)390,
10(2)8,
10(4)4,
11(2)2,
11(3)16,
12(3)14,
12(3)16,
13(4)30,
14(1)12,
14(3)27,
14(4)32,
16(2)5,
16(3)11,
16(3)12,
17(2)5,
17(4)15
- common,
2(1)65,
9(2)181,
11(2)3,
12(1)2,
12(1)3,
12(3)19,
13(4)30,
13(4)34,
17(1)3,
18(1)1
- conclude,
7(2)319,
10(1)2
- connection,
2(3)269,
14(4)29
- contrast,
12(1)3,
13(3)24,
17(4)16
- current,
2(1)34,
2(1)65,
2(2)177,
2(4)390,
11(4)18,
11(4)20,
11(4)22,
12(2)8,
12(2)10,
13(3)20,
13(4)35,
15(3)12,
16(3)10,
16(4)16,
17(1)1,
17(1)2,
17(2)6,
17(3)9
- defense,
2(3)230,
11(2)3,
12(2)11,
14(1)7,
14(3)24,
14(3)27,
14(4)31,
15(2)6,
15(4)16,
17(2)8,
17(3)11
- detail,
2(1)3,
2(2)177,
10(2)6,
10(3)11,
12(2)9,
13(3)25,
17(2)8,
18(1)3
- do,
2(3)230,
2(3)269,
9(4)421,
10(4)1,
11(1)4,
11(2)2,
11(4)19,
12(1)3,
12(2)10,
13(2)13,
13(4)33,
13(4)35,
14(3)23,
14(3)27,
14(4)28,
16(1)1,
16(3)12,
17(1)1,
18(3)9
- empirical,
2(3)295,
17(4)14,
18(1)1
- evaluation,
2(3)295,
3(4)262,
10(1)3,
11(1)3,
11(4)20,
11(4)22,
12(2)8,
12(2)11,
12(4)20,
13(2)14,
13(3)24,
13(3)25,
16(1)1,
16(1)2,
16(3)9,
16(4)17,
17(4)14,
18(1)1
- exploit,
2(4)416,
12(1)1,
12(2)11,
12(4)22,
13(3)28,
15(1)2,
17(1)1,
17(3)11
- exposing,
13(3)22
- feature,
2(1)34,
2(2)177,
2(3)295,
3(4)227,
10(1)2,
10(3)12,
11(4)22,
13(3)24,
13(4)32,
13(4)35,
13(4)41,
16(2)5,
16(2)7,
16(4)14,
17(3)10,
17(4)16,
18(2)5,
18(3)11
- forgery,
13(4)37,
16(2)8
- Gilad, Yossi,
15(2)6,
15(4)16
- Herzberg, Amir,
15(2)6,
15(4)16
- implementation,
1(1)3,
1(1)26,
1(1)66,
2(1)34,
2(2)177,
2(4)390,
2(4)416,
7(2)319,
11(1)2,
11(1)3,
11(1)4,
11(3)16,
11(4)18,
11(4)22,
12(1)1,
12(2)10,
12(2)11,
12(3)14,
12(4)22,
13(1)4,
13(3)26,
13(3)27,
14(1)3,
15(1)3,
15(2)8,
15(3)13,
15(4)16,
16(1)1,
16(1)2,
16(3)9,
16(3)10,
16(3)11,
17(2)5,
17(2)8,
18(1)2,
18(1)3,
18(1)4
- injection,
12(2)11,
13(2)14,
14(1)13,
16(1)1,
17(4)16
- instead,
10(1)4,
12(2)10,
15(4)15,
18(4)13
- legitimate,
11(2)5,
12(4)22,
14(1)2,
15(4)16,
16(4)16
- long,
10(4)1,
18(1)1
- machine,
2(2)159,
2(2)177,
2(3)230,
2(3)295,
12(2)12,
14(1)6,
14(1)10,
14(2)18,
14(2)21,
15(2)9,
15(3)12,
16(2)7,
16(3)9,
16(4)14,
17(2)8,
18(2)6,
18(3)11
- malicious,
2(2)177,
2(3)295,
10(3)11,
10(4)6,
11(2)2,
11(3)13,
11(3)14,
11(3)15,
11(4)22,
11(4)23,
12(2)12,
12(3)14,
14(1)13,
15(1)2,
15(4)17,
16(2)6,
16(3)12,
16(4)14,
17(3)10,
17(3)12,
17(4)13,
18(2)5
- malware,
11(3)16,
13(2)12
- most,
2(3)332,
9(4)391,
11(2)2,
11(3)12,
11(4)22,
12(2)8,
12(2)12,
12(3)14,
12(4)21,
13(1)10,
13(3)27,
13(4)30,
14(3)27,
15(1)5,
15(2)6,
15(4)15,
15(4)18,
16(1)4,
16(2)6,
16(4)14,
17(3)11,
17(3)12,
17(4)16,
18(1)1
- not,
1(1)26,
2(1)65,
2(2)177,
2(3)230,
2(3)269,
2(4)390,
9(4)421,
10(1)3,
10(4)2,
11(1)3,
11(1)4,
11(2)2,
11(2)4,
11(2)5,
11(3)12,
11(3)13,
11(3)15,
11(3)16,
11(4)19,
11(4)20,
11(4)22,
12(1)1,
12(1)2,
12(1)3,
12(1)6,
12(2)10,
12(2)11,
12(2)13,
12(3)14,
12(4)22,
13(1)10,
13(3)28,
13(4)33,
13(4)35,
13(4)36,
13(4)37,
13(4)39,
13(4)40,
14(3)23,
14(3)27,
14(4)28,
14(4)29,
14(4)31,
15(2)6,
15(2)9,
15(2)10,
15(3)12,
15(3)13,
16(1)1,
16(2)5,
16(2)6,
16(3)9,
16(3)12,
16(4)15,
16(4)16,
17(1)2,
17(3)10,
17(4)15,
18(1)1,
18(3)9,
18(4)13
- object,
1(1)26,
10(1)2,
11(1)3,
12(3)18,
14(3)23,
16(2)5,
18(3)9
- off-path,
15(4)16
- only,
2(3)230,
2(3)295,
10(4)3,
11(1)3,
11(2)4,
11(3)13,
11(4)20,
12(1)2,
12(1)3,
12(2)13,
12(3)19,
12(4)21,
13(1)10,
13(3)25,
13(3)28,
13(4)35,
13(4)37,
13(4)39,
14(1)5,
14(1)11,
14(3)26,
14(4)31,
15(2)9,
15(4)16,
15(4)18,
16(1)3,
16(2)6,
16(2)7,
16(3)9,
16(3)10,
17(3)9,
17(4)15,
18(2)5,
18(2)8
- pages,
11(3)15,
13(4)39
- path, off-,
15(4)16
- period,
11(2)5,
12(2)8,
13(4)37,
15(2)7,
15(4)17,
16(2)8
- phishing,
14(2)21,
16(4)14,
16(4)16
- poisoning,
15(2)6
- popular,
10(4)5,
14(3)27,
15(2)8,
15(2)10,
15(3)11,
15(4)16,
17(3)11,
17(4)15,
18(1)1
- practical,
2(4)390,
4(2)158,
7(2)319,
9(3)325,
10(2)6,
10(4)1,
11(2)1,
11(2)5,
11(4)18,
12(3)19,
14(1)7,
14(1)14,
14(2)20,
14(4)29,
15(1)4,
15(2)6,
15(2)7,
15(4)16,
16(3)10,
16(3)12,
17(4)16,
18(1)3,
18(4)13
- present,
1(1)26,
2(1)3,
2(1)65,
2(2)177,
2(3)230,
2(3)269,
2(3)295,
2(4)354,
7(2)319,
9(2)181,
9(4)461,
10(1)2,
10(2)7,
10(3)10,
10(3)11,
10(3)12,
10(4)2,
10(4)3,
11(1)2,
11(1)4,
11(2)2,
11(2)5,
11(3)14,
11(4)22,
12(1)2,
12(1)4,
12(2)10,
12(2)11,
12(3)14,
12(3)15,
12(3)16,
12(3)17,
12(4)22,
13(1)10,
13(3)20,
13(3)22,
13(3)25,
13(3)28,
13(4)29,
13(4)41,
14(1)4,
14(1)5,
14(1)6,
15(1)2,
15(2)6,
15(2)8,
15(2)10,
15(3)12,
15(3)13,
15(4)16,
15(4)18,
16(2)6,
16(2)7,
16(4)14,
17(1)4,
17(2)6,
17(2)7,
17(2)8,
17(3)9,
17(3)12,
17(4)14,
17(4)15,
17(4)16,
18(1)3,
18(1)4,
18(2)7,
18(3)9,
18(3)10,
18(3)11,
18(4)12,
18(4)14
- previous,
1(1)3,
1(1)93,
2(2)138,
11(2)3,
11(4)20,
12(3)16,
12(3)18,
13(1)10,
13(3)25,
14(1)3,
14(1)4,
15(2)9,
15(2)10,
16(2)5,
16(4)15,
16(4)17,
17(3)12
- rely,
10(4)3,
10(4)6,
11(2)6,
12(1)3,
13(4)38,
14(1)9,
15(1)3,
16(1)1,
16(4)14,
18(1)2
- request,
1(1)66,
10(1)3,
11(2)3,
13(3)20,
14(1)2,
14(1)8,
14(1)9,
16(4)14,
16(4)17,
17(1)2
- require,
2(3)269,
10(1)2,
11(1)3,
11(2)2,
11(4)22,
12(1)3,
12(1)6,
12(3)16,
12(4)20,
13(3)20,
13(3)21,
13(4)29,
13(4)33,
13(4)35,
13(4)40,
14(1)2,
14(3)27,
15(2)6,
15(4)16,
17(2)5,
17(3)9,
17(3)10,
17(4)16,
18(1)2,
18(4)13
- running,
10(4)4,
11(4)20,
12(2)10,
12(3)14,
13(1)10,
15(2)6,
15(4)16,
16(2)5
- script,
15(4)16
- scripting,
10(2)8
- server,
1(1)66,
2(1)34,
2(3)230,
2(4)390,
10(4)4,
11(2)2,
11(2)5,
11(3)14,
12(2)10,
12(3)14,
12(3)16,
12(3)17,
12(4)21,
14(1)3,
14(1)12,
14(4)29,
16(4)15,
17(2)5,
17(4)15,
18(1)1
- site,
11(2)3,
12(2)12,
13(4)39,
14(2)21,
14(3)26,
16(4)16
- specification,
1(1)26,
2(1)65,
2(2)177,
3(4)207,
6(4)501,
8(2)187,
8(4)351,
10(2)7,
10(2)8,
10(3)9,
10(4)2,
11(1)4,
11(4)19,
13(3)24,
13(3)26,
14(3)24,
15(3)13,
15(4)16,
16(1)3,
16(1)4,
17(2)5,
17(4)16,
18(2)7,
18(2)8
- spoofed,
15(2)6
- subtle,
12(4)22,
17(1)4
- technique,
1(1)3,
2(2)138,
2(3)230,
2(3)295,
2(4)416,
7(2)274,
9(4)391,
9(4)461,
10(2)6,
10(3)9,
10(4)6,
11(2)2,
11(3)12,
11(3)16,
11(4)17,
11(4)18,
11(4)22,
12(1)4,
12(2)11,
12(2)13,
12(3)16,
12(3)18,
13(3)22,
13(3)25,
13(3)28,
13(4)32,
13(4)33,
13(4)35,
13(4)36,
13(4)39,
14(1)3,
14(1)5,
14(1)6,
14(1)13,
14(3)24,
14(4)32,
15(1)2,
15(1)5,
15(2)7,
15(2)8,
15(3)12,
15(4)17,
15(4)18,
16(1)2,
16(2)6,
16(2)7,
16(3)11,
16(4)14,
17(3)9,
17(3)12,
17(4)16,
18(1)2,
18(2)6,
18(3)11
- time,
2(1)105,
2(3)332,
2(4)390,
2(4)416,
9(4)461,
10(1)3,
10(2)8,
11(2)3,
11(2)4,
11(2)5,
11(3)13,
11(4)17,
11(4)20,
11(4)21,
11(4)23,
12(2)8,
12(3)17,
12(3)18,
12(3)19,
12(4)20,
12(4)21,
12(4)22,
13(4)37,
13(4)39,
14(1)2,
14(1)11,
14(1)14,
14(3)26,
14(4)31,
15(2)7,
15(3)12,
15(4)17,
16(1)4,
16(4)14,
16(4)17,
17(3)9,
17(3)10,
17(3)11,
17(4)13,
18(1)2,
18(1)4,
18(3)10
- version,
10(1)3,
10(4)4,
11(1)2,
12(2)10,
12(3)16,
13(4)37,
17(4)15
- very,
1(1)3,
2(1)65,
2(3)269,
10(4)1,
11(2)5,
11(3)14,
11(4)18,
13(3)22,
13(3)27,
14(1)2,
15(1)2,
15(3)12,
16(1)1,
16(3)11,
17(3)10,
17(4)15,
17(4)16,
18(2)7,
18(3)11,
18(4)12,
18(4)14
- vulnerable,
10(3)11,
10(4)5,
10(4)6,
11(3)15,
11(4)22,
12(2)11,
13(1)10,
13(3)25,
14(3)24,
14(3)27,
15(4)16,
17(1)4
- web,
1(1)66,
2(1)34,
2(4)390,
4(1)37,
10(2)8,
10(3)12,
11(1)4,
11(2)3,
11(3)15,
12(2)12,
12(3)17,
13(4)39,
14(2)21,
14(3)26,
16(4)14,
16(4)16,
18(1)1
- work,
2(2)138,
2(3)269,
2(4)416,
10(3)10,
10(4)6,
11(2)2,
11(2)3,
11(3)15,
11(4)17,
11(4)19,
12(2)10,
12(2)11,
12(2)12,
12(3)16,
12(3)17,
12(3)18,
13(3)25,
13(4)38,
14(1)2,
14(1)14,
15(2)7,
15(2)10,
15(3)12,
15(4)15,
15(4)17,
16(1)3,
16(1)4,
16(2)8,
16(3)10,
16(3)11,
16(4)15,
17(3)12,
18(2)6,
18(4)13