@inproceedings{748c32a1e1f6465faff08aaa097a908d,
title = "DEMACRO: Defense against malicious cross-domain requests",
abstract = "In the constant evolution of theWeb, the simple always gives way to the more complex. Static webpages with click-through dialogues are becoming more and more obsolete and in their place, asynchronous JavaScript requests, Web mash-ups and proprietary plug-ins with the ability to conduct cross-domain requests shape the modern user experience. Three recent studies showed that a significant number ofWeb applications implement poor cross-domain policies allowing malicious domains to embed Flash and Silverlight applets which can conduct arbitrary requests to these Web applications under the identity of the visiting user. In this paper, we confirm the findings of the aforementioned studies and we design DEMACRO, a client-side defense mechanism which detects potentially malicious cross-domain requests and de-authenticates them by removing existing session credentials. Our system requires no training or user interaction and imposes minimal performance overhead on the user's browser.",
author = "Sebastian Lekies and Nick Nikiforakis and Walter Tighzert and Frank Piessens and Martin Johns",
year = "2012",
doi = "10.1007/978-3-642-33338-5\_13",
language = "English",
isbn = "9783642333378",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "254--273",
booktitle = "Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings",
note = "15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012 ; Conference date: 12-09-2012 Through 14-09-2012",
}