乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T16:38:02Z","timestamp":1732034282768},"publisher-location":"Berlin, Heidelberg","reference-count":45,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642327469"},{"type":"electronic","value":"9783642327476"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-32747-6_6","type":"book-chapter","created":{"date-parts":[[2012,9,12]],"date-time":"2012-09-12T08:24:14Z","timestamp":1347438254000},"page":"89-103","source":"Crossref","is-referenced-by-count":5,"title":["The Bug That Made Me President a Browser- and Web-Security Case Study on Helios Voting"],"prefix":"10.1007","author":[{"given":"Mario","family":"Heiderich","sequence":"first","affiliation":[]},{"given":"Tilman","family":"Frosch","sequence":"additional","affiliation":[]},{"given":"Marcus","family":"Niemietz","sequence":"additional","affiliation":[]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Adida, B.: benadida\/helios-server - GitHub (2011), \n \n https:\/\/github.com\/benadida\/helios-server"},{"key":"6_CR2","unstructured":"Adida, B.: Helios: Web-based open-audit voting. In: Proceedings of the 17th USENIX Security Symposium, Security 2008 (2008)"},{"key":"6_CR3","unstructured":"Mozilla Foundation: LiveConnect (MDC Documentation) (2011), \n \n https:\/\/developer.mozilla.org\/en\/LiveConnect"},{"key":"6_CR4","unstructured":"Haber, S., Benaloh, J., Halevi, S.: The Helios e-Voting Demo for the IACR (2010), \n \n http:\/\/www.iacr.org\/elections\/eVoting\/heliosDemo.pdf"},{"key":"6_CR5","unstructured":"Johns, M.: Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting. PhD thesis, University of Passau, Passau (2009)"},{"key":"6_CR6","unstructured":"Balduzzi, M.: New insights into clickjacking. In: OWASP AppSec Research (2010)"},{"key":"6_CR7","unstructured":"Stone, P.: Next Generation Clickjacking (2010), \n \n https:\/\/media.blackhat.com\/bh-eu-10\/presentations\/Stone\/BlackHat-EU-2010-Stone-Next-Generation-Clickjacking-slides.pdf"},{"key":"6_CR8","unstructured":"Estehghari, S., Desmedt, Y.: Exploiting the client vulnerabilities in internet E-voting systems: hacking Helios 2.0 as an example. In: Proceedings of the 2010 International Conference on Electronic Voting Technology\/Workshop on Trustworthy Elections, EVT\/WOTE 2010 (2010)"},{"key":"6_CR9","unstructured":"Niemietz, M.: UI redressing: Attacks and countermeasures revisited (2011), \n \n http:\/\/ui-redressing.mniemietz.de\/uiRedressing.pdf"},{"key":"6_CR10","unstructured":"Raskin, A.: Tabnabbing: A new type of phishing attack (2010), \n \n http:\/\/www.azarask.in\/blog\/post\/a-new-type-of-phishing-attack\/"},{"key":"6_CR11","unstructured":"Krebs, B.: Devious new phishing tactic targets tabs (2010), \n \n http:\/\/krebsonsecurity.com\/2010\/05\/devious-new-phishing-tactic-targets-tabs\/"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Barth, A., Caballero, J., Song, D.: Secure content sniffing for web browsers, or how to stop papers from reviewing themselves. In: Proc. of the 30th IEEE Symposium on Security and Privacy (Oakland 2009), Oakland (2009)","DOI":"10.1109\/SP.2009.3"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Stamm, S., Sterne, B., Markham, G.: Reining in the web with content security policy. In: Proceedings of the 19th International Conference on World Wide Web (2010)","DOI":"10.1145\/1772690.1772784"},{"key":"6_CR14","unstructured":"Heiderich, M.: \u2009<\/markup>: HTML form controls reviewed (2008), \n \n http:\/\/maliciousmarkup.blogspot.com\/2008\/11\/html-form-controls-reviewed.html"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Phung, P.H., Sands, D., Chudnov, A.: Lightweight Self-Protecting javascript. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS) (March 2009)","DOI":"10.1145\/1533057.1533067"},{"key":"6_CR16","unstructured":"OWASP: Enterprise security API (2011), \n \n http:\/\/www.owasp.org\/index.php\/Category:OWASP_Enterprise_Security_API"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Masinter, L.: RFC 2397 - the \u201cdata\u201d URL scheme (1998), \n \n http:\/\/www.ietf.org\/rfc\/rfc2397.txt","DOI":"10.17487\/rfc2397"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Huang, L., Weinberg, Z., Evans, C., Jackson, C.: Protecting browsers from Cross-Origin CSS attacks. In: Proc. of the 17th ACM Conference on Computer and Communications Security, CCS 2010 (2010)","DOI":"10.1145\/1866307.1866376"},{"key":"6_CR19","unstructured":"heliosvoting.org: Helios v1 and v2 Verification Specs (2011), \n \n http:\/\/documentation.heliosvoting.org\/verification-specs\/helios-v1-and-v2-verification-specs"},{"key":"6_CR20","unstructured":"Ayenson, M., Wambach, D.J., Soltani, A., Good, N., Hoofnagle, C.J.: Flash cookies and privacy ii: Now with html5 and etag respawning (2011), \n \n http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1898390"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-642-15497-3_14","volume-title":"Computer Security \u2013 ESORICS 2010","author":"A. Janc","year":"2010","unstructured":"Janc, A., Olejnik, L.: Web Browser History Detection as a Real-World Privacy Threat. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol.\u00a06345, pp. 215\u2013231. Springer, Heidelberg (2010)"},{"key":"6_CR22","unstructured":"Weinberg, Z., Chen, E.Y., Jayaraman, P.R., Jackson, C.: I still know what you visited last summer (2011), \n \n http:\/\/websec.sv.cmu.edu\/visited\/visited.pdf"},{"key":"6_CR23","unstructured":"Ross, D.: IE8 security part IV: the XSS filter - IEBlog (2008), \n \n http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/07\/02\/ie8-security-part-iv-the-xss-filter.aspx"},{"key":"6_CR24","unstructured":"Maone, G.: IE\u2019s XSS filter creates XSS vulnerabilities (2009), \n \n http:\/\/hackademix.net\/2009\/11\/21\/ies-xss-filter-creates-xss-vulnerabilities\/"},{"key":"6_CR25","unstructured":"MSDN: MIME type detection in internet explorer (2011), \n \n http:\/\/msdn.microsoft.com\/en-us\/library\/ms775147v=vs.85.aspx"},{"key":"6_CR26","unstructured":"Mozilla Foundation: The X-Frame-Options response header (MDC Documentation) (2010), \n \n https:\/\/developer.mozilla.org\/en\/the_x-frame-options_response_header"},{"key":"6_CR27","unstructured":"Rydstedt, G., Bursztein, E., Boneh, D., Jackson, C.: Busting frame busting: a study of clickjacking vulnerabilities on popular sites. In: Web 2.0 Security and Privacy 2010 (W2SP 2010) (2010)"},{"key":"6_CR28","unstructured":"Li, J., Schmidt, C., Crawford, B.: Clickjacking defense (2011), \n \n https:\/\/www.codemagi.com\/blog\/post\/194"},{"key":"6_CR29","unstructured":"Silin, A.: HTML5 security cheatsheet: MHTML Attacks (2011), \n \n http:\/\/html5sec.org\/?mhtml"},{"key":"6_CR30","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSECP.2004.1264851","volume":"2","author":"J. Bannet","year":"2004","unstructured":"Bannet, J., Price, D.W., Rudys, A., Singer, J., Wallach, D.S.: Hack-a-vote: Security issues with electronic voting systems. IEEE Security & Privacy\u00a02, 32\u201337 (2004)","journal-title":"IEEE Security & Privacy"},{"key":"6_CR31","unstructured":"Kohno, T., Stubblefield, A., Rubin, A.D., Wallach, D.S.: Analysis of an electronic voting system. In: Proceedings of the 25th IEEE Symposium on Security and Privacy, Oakland 2004 (2004)"},{"key":"6_CR32","unstructured":"Feldman, A.J., Halderman, J.A., Felten, E.W.: Security analysis of the Diebold AccuVote-TS voting machine. In: Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology (2007)"},{"key":"6_CR33","unstructured":"Gonggrijp, R., Hengeveld, W.: Studying the Nedap\/Groenendaal ES3B voting computer: a computer security perspective. In: Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology (2007)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Bishop, M., Wagner, D.: Risks of e-voting. Communications of the ACM\u00a050 (2007)","DOI":"10.1145\/1297797.1297827"},{"key":"6_CR35","unstructured":"Appel, A.W., Ginsburg, M., Hursti, H., Kernighan, B.W., Richards, C.D., Tan, G., Venetis, P.: The new jersey voting-machine lawsuit and the AVC advantage DRE voting machine. In: Proceedings of the 2009 Conference on Electronic Voting Technology\/Workshop on Trustworthy Elections, EVT\/WOTE 2009. USENIX Association (2009)"},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Banks, G., Cova, M., Felmetsger, V., Kemmerer, R., Robertson, W., Valeur, F., Vigna, G.: An Experience in Testing the Security of Real-World Electronic Voting Systems. IEEE Transactions on Software Engineering\u00a036 (2010)","DOI":"10.1109\/TSE.2009.53"},{"key":"6_CR37","unstructured":"Volkamer, M., Alkassar, A., Sadeghi, A.R., Schulz, S.: Enabling the application of open systems like PCs for online voting. In: Proceedings of the Workshop on Frontiers in Electronic Elections 2006 (2006)"},{"key":"6_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/978-3-642-12980-3_19","volume-title":"Towards Trustworthy Elections","author":"R. Joaquim","year":"2010","unstructured":"Joaquim, R., Ribeiro, C., Ferreira, P.: Improving Remote Voting Security with CodeVoting. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol.\u00a06000, pp. 310\u2013329. Springer, Heidelberg (2010)"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Burmester, M., Magkos, E.: Towards secure and practical E-Elections in the new era. In: Secure Electronic Voting. Advances in Information Security, pp. 63\u201376 (2003)","DOI":"10.1007\/978-1-4615-0239-5_5"},{"key":"6_CR40","first-page":"5","volume":"2007","author":"A. Pasquinucci","year":"2007","unstructured":"Pasquinucci, A.: Web voting, security and cryptography. Computer Fraud & Security\u00a02007, 5\u20138 (2007)","journal-title":"Computer Fraud & Security"},{"key":"6_CR41","unstructured":"Hubbers, E., Jacobs, B., Schoenmakers, B., van Tilborg, H., de\u00a0Weger, B.: Description and analysis of RIES (2008), \n \n http:\/\/www.win.tue.nl\/eipsi\/images\/RIES_descr_anal_v1.0_June_24.pdf"},{"key":"6_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-642-04135-8_10","volume-title":"E-Voting and Identity","author":"R. Gonggrijp","year":"2009","unstructured":"Gonggrijp, R., Hengeveld, W.-J., Hotting, E., Schmidt, S., Weidemann, F.: RIES - Rijnland Internet Election System: A Cursory Study of Published Source Code. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) VOTE-ID 2009. LNCS, vol.\u00a05767, pp. 157\u2013171. Springer, Heidelberg (2009)"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Cortier, V., Smyth, B.: Attacking and fixing Helios: An analysis of ballot secrecy. Technical Report 2010\/625 (2010)","DOI":"10.1109\/CSF.2011.27"},{"key":"6_CR44","unstructured":"Adida, B.: Attacks and Defenses - Helios (2011), \n \n http:\/\/documentation.heliosvoting.org\/attacks-and-defenses"},{"key":"6_CR45","unstructured":"Adida, B., De Marneffe, O., Pereira, O., Quisquater, J.: Electing a university president using open-audit voting: analysis of real-world use of helios. In: Proceedings of the 2009 Conference on Electronic Voting Technology\/Workshop on Trustworthy Elections (2009)"}],"container-title":["Lecture Notes in Computer Science","E-Voting and Identity"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-32747-6_6.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T12:14:45Z","timestamp":1620130485000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-32747-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642327469","9783642327476"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-32747-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}