Entry Gilad:2014:PTI from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Gilad:2014:PTI,
  author =       "Yossi Gilad and Amir Herzberg",
  title =        "Off-Path {TCP} Injection Attacks",
  journal =      j-TISSEC,
  volume =       "16",
  number =       "4",
  pages =        "13:1--13:??",
  month =        apr,
  year =         "2014",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2597173",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Mon May 5 18:00:10 MDT 2014",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "We present practical off-path TCP injection attacks
                 for connections between current, nonbuggy browsers and
                 Web servers. The attacks allow Web-cache poisoning with
                 malicious objects such as spoofed Web pages and
                 scripts; these objects can be cached for a long period
                 of time, exposing any user of that cache to cross-site
                 scripting, cross-site request forgery, and phishing
                 attacks. In contrast to previous TCP injection attacks,
                 we do not require MitM capabilities or malware running
                 on the client machine. Instead, our attacks rely on a
                 weaker assumption, that the user only enters a
                 malicious Web site, but does not download or install
                 any application. Our attacks exploit subtle details of
                 the TCP and HTTP specifications, and features of
                 legitimate (and very common) browser implementations.
                 An empirical evaluation of our techniques with current
                 versions of browsers shows that connections with most
                 popular Web sites are vulnerable. We conclude this work
                 with practical client- and server-end defenses against
                 our attacks.",
  acknowledgement = ack-nhfb,
  articleno =    "13",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries

against, 2(3)230, 2(4)354, 2(4)416, 9(4)461, 10(3)11, 11(2)3, 11(3)13, 11(4)22, 12(3)18, 13(3)22, 13(3)28, 14(1)7, 14(1)13, 14(3)24, 15(1)3, 15(2)6, 15(2)8, 15(3)14, 16(1)1, 16(1)2, 16(2)8, 17(1)4, 17(2)7, 17(2)8, 18(1)2, 18(2)7
allow, 2(4)390, 9(2)181, 10(3)10, 10(4)2, 10(4)3, 11(1)2, 11(2)2, 11(2)4, 12(1)3, 12(1)6, 12(2)8, 12(2)10, 12(3)16, 12(3)18, 12(3)19, 13(3)21, 13(4)34, 13(4)38, 13(4)39, 13(4)41, 14(1)3, 14(1)5, 14(1)10, 14(3)25, 14(3)26, 14(3)27, 14(4)28, 14(4)29, 15(2)6, 15(2)9, 15(2)10, 16(1)3, 16(2)5, 16(3)9, 16(4)17, 17(1)1, 17(2)5, 17(3)10, 17(3)11, 17(4)16, 18(3)10
any, 1(1)66, 1(1)93, 2(4)390, 9(4)461, 10(3)10, 10(3)12, 10(4)1, 10(4)4, 11(2)4, 11(2)6, 11(3)13, 11(3)16, 11(4)20, 12(1)3, 12(1)5, 12(1)6, 12(2)8, 12(2)9, 12(2)10, 12(3)14, 12(3)18, 12(3)19, 12(4)20, 13(1)10, 13(3)28, 13(4)33, 13(4)39, 14(1)6, 14(1)8, 14(1)9, 14(4)32, 15(1)2, 15(2)9, 15(2)10, 15(4)17, 16(2)6, 16(2)7, 16(3)12, 16(4)15, 17(2)8, 17(3)9, 17(3)11, 18(1)1
application, 1(1)66, 2(2)159, 2(2)177, 2(4)354, 4(2)103, 7(1)1, 7(1)97, 8(3)287, 9(1)1, 9(1)94, 10(1)2, 10(2)6, 10(4)3, 11(1)2, 11(1)3, 11(3)14, 11(3)16, 11(4)22, 12(1)2, 12(1)3, 12(2)11, 12(3)14, 12(4)21, 13(1)4, 13(1)10, 13(2)17, 13(3)22, 13(3)26, 13(4)38, 13(4)39, 14(1)2, 14(1)3, 14(1)6, 14(1)8, 14(1)9, 14(2)19, 14(3)27, 15(1)2, 15(1)4, 16(1)1, 16(1)2, 16(2)6, 16(3)9, 16(4)17, 17(2)5, 17(4)13, 18(3)10, 18(4)12
assumption, 2(3)230, 2(3)332, 3(3)161, 9(2)181, 11(2)3, 11(2)6, 11(4)20, 12(1)1, 12(1)3, 12(2)9, 12(4)21, 13(4)38, 15(1)4, 15(3)12, 16(1)4, 16(2)5, 18(3)10
browser, 2(3)332, 8(2)153, 12(2)12
cache, 18(1)4
capability, 10(1)4, 10(4)2, 11(1)3, 11(2)2, 11(3)14, 16(2)7, 17(2)7, 17(3)9, 17(3)10
client, 2(3)230, 2(4)390, 10(2)8, 10(4)4, 11(2)2, 11(3)16, 12(3)14, 12(3)16, 13(4)30, 14(1)12, 14(3)27, 14(4)32, 16(2)5, 16(3)11, 16(3)12, 17(2)5, 17(4)15
common, 2(1)65, 9(2)181, 11(2)3, 12(1)2, 12(1)3, 12(3)19, 13(4)30, 13(4)34, 17(1)3, 18(1)1
conclude, 7(2)319, 10(1)2
connection, 2(3)269, 14(4)29
contrast, 12(1)3, 13(3)24, 17(4)16
current, 2(1)34, 2(1)65, 2(2)177, 2(4)390, 11(4)18, 11(4)20, 11(4)22, 12(2)8, 12(2)10, 13(3)20, 13(4)35, 15(3)12, 16(3)10, 16(4)16, 17(1)1, 17(1)2, 17(2)6, 17(3)9
defense, 2(3)230, 11(2)3, 12(2)11, 14(1)7, 14(3)24, 14(3)27, 14(4)31, 15(2)6, 15(4)16, 17(2)8, 17(3)11
detail, 2(1)3, 2(2)177, 10(2)6, 10(3)11, 12(2)9, 13(3)25, 17(2)8, 18(1)3
do, 2(3)230, 2(3)269, 9(4)421, 10(4)1, 11(1)4, 11(2)2, 11(4)19, 12(1)3, 12(2)10, 13(2)13, 13(4)33, 13(4)35, 14(3)23, 14(3)27, 14(4)28, 16(1)1, 16(3)12, 17(1)1, 18(3)9
empirical, 2(3)295, 17(4)14, 18(1)1
evaluation, 2(3)295, 3(4)262, 10(1)3, 11(1)3, 11(4)20, 11(4)22, 12(2)8, 12(2)11, 12(4)20, 13(2)14, 13(3)24, 13(3)25, 16(1)1, 16(1)2, 16(3)9, 16(4)17, 17(4)14, 18(1)1
exploit, 2(4)416, 12(1)1, 12(2)11, 12(4)22, 13(3)28, 15(1)2, 17(1)1, 17(3)11
exposing, 13(3)22
feature, 2(1)34, 2(2)177, 2(3)295, 3(4)227, 10(1)2, 10(3)12, 11(4)22, 13(3)24, 13(4)32, 13(4)35, 13(4)41, 16(2)5, 16(2)7, 16(4)14, 17(3)10, 17(4)16, 18(2)5, 18(3)11
forgery, 13(4)37, 16(2)8
Gilad, Yossi, 15(2)6, 15(4)16
Herzberg, Amir, 15(2)6, 15(4)16
implementation, 1(1)3, 1(1)26, 1(1)66, 2(1)34, 2(2)177, 2(4)390, 2(4)416, 7(2)319, 11(1)2, 11(1)3, 11(1)4, 11(3)16, 11(4)18, 11(4)22, 12(1)1, 12(2)10, 12(2)11, 12(3)14, 12(4)22, 13(1)4, 13(3)26, 13(3)27, 14(1)3, 15(1)3, 15(2)8, 15(3)13, 15(4)16, 16(1)1, 16(1)2, 16(3)9, 16(3)10, 16(3)11, 17(2)5, 17(2)8, 18(1)2, 18(1)3, 18(1)4
injection, 12(2)11, 13(2)14, 14(1)13, 16(1)1, 17(4)16
instead, 10(1)4, 12(2)10, 15(4)15, 18(4)13
legitimate, 11(2)5, 12(4)22, 14(1)2, 15(4)16, 16(4)16
long, 10(4)1, 18(1)1
machine, 2(2)159, 2(2)177, 2(3)230, 2(3)295, 12(2)12, 14(1)6, 14(1)10, 14(2)18, 14(2)21, 15(2)9, 15(3)12, 16(2)7, 16(3)9, 16(4)14, 17(2)8, 18(2)6, 18(3)11
malicious, 2(2)177, 2(3)295, 10(3)11, 10(4)6, 11(2)2, 11(3)13, 11(3)14, 11(3)15, 11(4)22, 11(4)23, 12(2)12, 12(3)14, 14(1)13, 15(1)2, 15(4)17, 16(2)6, 16(3)12, 16(4)14, 17(3)10, 17(3)12, 17(4)13, 18(2)5
malware, 11(3)16, 13(2)12
most, 2(3)332, 9(4)391, 11(2)2, 11(3)12, 11(4)22, 12(2)8, 12(2)12, 12(3)14, 12(4)21, 13(1)10, 13(3)27, 13(4)30, 14(3)27, 15(1)5, 15(2)6, 15(4)15, 15(4)18, 16(1)4, 16(2)6, 16(4)14, 17(3)11, 17(3)12, 17(4)16, 18(1)1
not, 1(1)26, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(4)390, 9(4)421, 10(1)3, 10(4)2, 11(1)3, 11(1)4, 11(2)2, 11(2)4, 11(2)5, 11(3)12, 11(3)13, 11(3)15, 11(3)16, 11(4)19, 11(4)20, 11(4)22, 12(1)1, 12(1)2, 12(1)3, 12(1)6, 12(2)10, 12(2)11, 12(2)13, 12(3)14, 12(4)22, 13(1)10, 13(3)28, 13(4)33, 13(4)35, 13(4)36, 13(4)37, 13(4)39, 13(4)40, 14(3)23, 14(3)27, 14(4)28, 14(4)29, 14(4)31, 15(2)6, 15(2)9, 15(2)10, 15(3)12, 15(3)13, 16(1)1, 16(2)5, 16(2)6, 16(3)9, 16(3)12, 16(4)15, 16(4)16, 17(1)2, 17(3)10, 17(4)15, 18(1)1, 18(3)9, 18(4)13
object, 1(1)26, 10(1)2, 11(1)3, 12(3)18, 14(3)23, 16(2)5, 18(3)9
off-path, 15(4)16
only, 2(3)230, 2(3)295, 10(4)3, 11(1)3, 11(2)4, 11(3)13, 11(4)20, 12(1)2, 12(1)3, 12(2)13, 12(3)19, 12(4)21, 13(1)10, 13(3)25, 13(3)28, 13(4)35, 13(4)37, 13(4)39, 14(1)5, 14(1)11, 14(3)26, 14(4)31, 15(2)9, 15(4)16, 15(4)18, 16(1)3, 16(2)6, 16(2)7, 16(3)9, 16(3)10, 17(3)9, 17(4)15, 18(2)5, 18(2)8
pages, 11(3)15, 13(4)39
path, off-, 15(4)16
period, 11(2)5, 12(2)8, 13(4)37, 15(2)7, 15(4)17, 16(2)8
phishing, 14(2)21, 16(4)14, 16(4)16
poisoning, 15(2)6
popular, 10(4)5, 14(3)27, 15(2)8, 15(2)10, 15(3)11, 15(4)16, 17(3)11, 17(4)15, 18(1)1
practical, 2(4)390, 4(2)158, 7(2)319, 9(3)325, 10(2)6, 10(4)1, 11(2)1, 11(2)5, 11(4)18, 12(3)19, 14(1)7, 14(1)14, 14(2)20, 14(4)29, 15(1)4, 15(2)6, 15(2)7, 15(4)16, 16(3)10, 16(3)12, 17(4)16, 18(1)3, 18(4)13
present, 1(1)26, 2(1)3, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(3)295, 2(4)354, 7(2)319, 9(2)181, 9(4)461, 10(1)2, 10(2)7, 10(3)10, 10(3)11, 10(3)12, 10(4)2, 10(4)3, 11(1)2, 11(1)4, 11(2)2, 11(2)5, 11(3)14, 11(4)22, 12(1)2, 12(1)4, 12(2)10, 12(2)11, 12(3)14, 12(3)15, 12(3)16, 12(3)17, 12(4)22, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(3)28, 13(4)29, 13(4)41, 14(1)4, 14(1)5, 14(1)6, 15(1)2, 15(2)6, 15(2)8, 15(2)10, 15(3)12, 15(3)13, 15(4)16, 15(4)18, 16(2)6, 16(2)7, 16(4)14, 17(1)4, 17(2)6, 17(2)7, 17(2)8, 17(3)9, 17(3)12, 17(4)14, 17(4)15, 17(4)16, 18(1)3, 18(1)4, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
previous, 1(1)3, 1(1)93, 2(2)138, 11(2)3, 11(4)20, 12(3)16, 12(3)18, 13(1)10, 13(3)25, 14(1)3, 14(1)4, 15(2)9, 15(2)10, 16(2)5, 16(4)15, 16(4)17, 17(3)12
rely, 10(4)3, 10(4)6, 11(2)6, 12(1)3, 13(4)38, 14(1)9, 15(1)3, 16(1)1, 16(4)14, 18(1)2
request, 1(1)66, 10(1)3, 11(2)3, 13(3)20, 14(1)2, 14(1)8, 14(1)9, 16(4)14, 16(4)17, 17(1)2
require, 2(3)269, 10(1)2, 11(1)3, 11(2)2, 11(4)22, 12(1)3, 12(1)6, 12(3)16, 12(4)20, 13(3)20, 13(3)21, 13(4)29, 13(4)33, 13(4)35, 13(4)40, 14(1)2, 14(3)27, 15(2)6, 15(4)16, 17(2)5, 17(3)9, 17(3)10, 17(4)16, 18(1)2, 18(4)13
running, 10(4)4, 11(4)20, 12(2)10, 12(3)14, 13(1)10, 15(2)6, 15(4)16, 16(2)5
script, 15(4)16
scripting, 10(2)8
server, 1(1)66, 2(1)34, 2(3)230, 2(4)390, 10(4)4, 11(2)2, 11(2)5, 11(3)14, 12(2)10, 12(3)14, 12(3)16, 12(3)17, 12(4)21, 14(1)3, 14(1)12, 14(4)29, 16(4)15, 17(2)5, 17(4)15, 18(1)1
site, 11(2)3, 12(2)12, 13(4)39, 14(2)21, 14(3)26, 16(4)16
specification, 1(1)26, 2(1)65, 2(2)177, 3(4)207, 6(4)501, 8(2)187, 8(4)351, 10(2)7, 10(2)8, 10(3)9, 10(4)2, 11(1)4, 11(4)19, 13(3)24, 13(3)26, 14(3)24, 15(3)13, 15(4)16, 16(1)3, 16(1)4, 17(2)5, 17(4)16, 18(2)7, 18(2)8
spoofed, 15(2)6
subtle, 12(4)22, 17(1)4
technique, 1(1)3, 2(2)138, 2(3)230, 2(3)295, 2(4)416, 7(2)274, 9(4)391, 9(4)461, 10(2)6, 10(3)9, 10(4)6, 11(2)2, 11(3)12, 11(3)16, 11(4)17, 11(4)18, 11(4)22, 12(1)4, 12(2)11, 12(2)13, 12(3)16, 12(3)18, 13(3)22, 13(3)25, 13(3)28, 13(4)32, 13(4)33, 13(4)35, 13(4)36, 13(4)39, 14(1)3, 14(1)5, 14(1)6, 14(1)13, 14(3)24, 14(4)32, 15(1)2, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(4)17, 15(4)18, 16(1)2, 16(2)6, 16(2)7, 16(3)11, 16(4)14, 17(3)9, 17(3)12, 17(4)16, 18(1)2, 18(2)6, 18(3)11
time, 2(1)105, 2(3)332, 2(4)390, 2(4)416, 9(4)461, 10(1)3, 10(2)8, 11(2)3, 11(2)4, 11(2)5, 11(3)13, 11(4)17, 11(4)20, 11(4)21, 11(4)23, 12(2)8, 12(3)17, 12(3)18, 12(3)19, 12(4)20, 12(4)21, 12(4)22, 13(4)37, 13(4)39, 14(1)2, 14(1)11, 14(1)14, 14(3)26, 14(4)31, 15(2)7, 15(3)12, 15(4)17, 16(1)4, 16(4)14, 16(4)17, 17(3)9, 17(3)10, 17(3)11, 17(4)13, 18(1)2, 18(1)4, 18(3)10
version, 10(1)3, 10(4)4, 11(1)2, 12(2)10, 12(3)16, 13(4)37, 17(4)15
very, 1(1)3, 2(1)65, 2(3)269, 10(4)1, 11(2)5, 11(3)14, 11(4)18, 13(3)22, 13(3)27, 14(1)2, 15(1)2, 15(3)12, 16(1)1, 16(3)11, 17(3)10, 17(4)15, 17(4)16, 18(2)7, 18(3)11, 18(4)12, 18(4)14
vulnerable, 10(3)11, 10(4)5, 10(4)6, 11(3)15, 11(4)22, 12(2)11, 13(1)10, 13(3)25, 14(3)24, 14(3)27, 15(4)16, 17(1)4
web, 1(1)66, 2(1)34, 2(4)390, 4(1)37, 10(2)8, 10(3)12, 11(1)4, 11(2)3, 11(3)15, 12(2)12, 12(3)17, 13(4)39, 14(2)21, 14(3)26, 16(4)14, 16(4)16, 18(1)1
work, 2(2)138, 2(3)269, 2(4)416, 10(3)10, 10(4)6, 11(2)2, 11(2)3, 11(3)15, 11(4)17, 11(4)19, 12(2)10, 12(2)11, 12(2)12, 12(3)16, 12(3)17, 12(3)18, 13(3)25, 13(4)38, 14(1)2, 14(1)14, 15(2)7, 15(2)10, 15(3)12, 15(4)15, 15(4)17, 16(1)3, 16(1)4, 16(2)8, 16(3)10, 16(3)11, 16(4)15, 17(3)12, 18(2)6, 18(4)13