    • Half-Baked Cookies: Client Authentication on the Modern Web

      Mundada, Yogesh; Feamster, Nick; Krishnamurthy, Balachander; Guha, Saikat; Levin, Dave (Georgia Institute of Technology, 2014)
      Modern websites set multiple authentication cookies during the login process to allow users to remain authenticated over the duration of a web session. Web applications use cookie-based authentication to provide different ...
    • I Own, I Provide, I Decide: Generalized User-Centric Access Control Framework for Web Applications 

      Singh, Kapil; Erete, Ikpeme; Lee, Wenke (Georgia Institute of Technology, 2010)
      With the rapid growth of Web 2.0 technologies, users are contributing more and more content on the Internet, in the form of user profiles, blogs, reviews, etc. With this increased sharing comes a pressing need for access ...
    • One-Time Cookies: Preventing Session Hijacking Attacks with Disposable Credentials 

      Dacosta, Italo; Chakradeo, Saurabh; Ahamad, Mustaque; Traynor, Patrick (Georgia Institute of Technology, 2011)
      Many web applications are vulnerable to session hijacking attacks due to the insecure use of cookies for session management. The most recommended defense against this threat is to completely replace HTTP with HTTPS. ...
    • One-Time Cookies: Preventing Session Hijacking Attacks with Stateless Authentication Tokens 

      Dacosta, Italo; Chakradeo, Saurabh; Ahamad, Mustaque; Traynor, Patrick (Georgia Institute of Technology, 2012-02)
      HTTP cookies are the de facto mechanism for session authentication in web applications. However, their inherent security weaknesses allow attacks against the integrity of web sessions. HTTPS is often recommended to protect ...