Dr. Bastian Braun

Research Interests

  • Web Application Security
    • Control-Flow Integrity
    • Session Tracking
    • User Authentication
  • Additional Interest:
    • Software Security
    • Static Analysis
    • Fault Injection
    • Dependability
    • Fault Tolerance
    • Fuzzing

Publications

2015

LogSec: Adaptive Protection for the Wild Wild Web

B. Braun, K. Pauli, J. Posegga and M. Johns, "LogSec: Adaptive Protection for the Wild Wild Web" in the 2015 ACM Symposium on Applied Computing (SAC 2015), to appear, 2015.

Web-based Secure Application Control

B. Braun, "Web-based Secure Application Control", University of Passau, Germany, 2015.

File: http://web.sec.uni-passau.de/papers/2015_Braun.pdf

2014

A Trusted UI for the Mobile Web

B. Braun, J. Köstler, J. Posegga and M. Johns, "A Trusted UI for the Mobile Web" in 29th IFIP International Information Security and Privacy Conference (IFIP SEC 2014), 2014.

DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_11

File: http://web.sec.uni-passau.de/papers/2014_Braun_Koestler_Posegga_Johns-Trusted-UI-Mobile-Web.pdf

Doing It the Web Way - Web-based Secure Application Control

TODO

Ghostrail: Ad Hoc Control-Flow Integrity for Web Applications

B. Braun, C. Gries, B. Petschkuhn and J. Posegga, "Ghostrail: Ad Hoc Control-Flow Integrity for Web Applications" in 29th IFIP International Information Security and Privacy Conference (IFIP SEC 2014), 2014.

DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_22

File: http://web.sec.uni-passau.de/papers/2014_Braun_Gries_Petschkuhn_Posegga-Ghostrail.pdf

PhishSafe: Leveraging Modern JavaScript API's for Transparent and Robust Protection

B. Braun, J. Köstler, M. Johns and J. Posegga, "PhishSafe: Leveraging Modern JavaScript API's for Transparent and Robust Protection" in Fourth ACM Conference on Data and Application Security and Privacy (ACM CODASPY 2014), 2014.

DOI: http://dx.doi.org/10.1145/2557547.2557553

File: http://web.sec.uni-passau.de/papers/2014_Braun_Koestler_Johns_Posegga-PhishSafe_Leveraging_Modern_JavaScript_APIs_for_Transparent_and_Robust_Protection.pdf

2013

A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks

TODO

A Survey on Control-Flow Integrity Means in Web Application Frameworks

B. Braun, C. Pollak and J. Posegga, "A Survey on Control-Flow Integrity Means in Web Application Frameworks" in 18th Nordic Conference on Secure IT Systems (NordSec 2013), 2013.

DOI: http://dx.doi.org/10.1007/978-3-642-41488-6_16

File: http://web.sec.uni-passau.de/papers/2013_Braun_Pollak_Posegga-A_Survey_on_CFI_in_Web_Frameworks.pdf

Control-Flow Integrity in Web Applications

B. Braun, P. Gemein, H. P. Reiser and J. Posegga, "Control-Flow Integrity in Web Applications" in International Symposium on Engineering Secure Software and Systems (ESSoS 2013), Lecture Notes in Computer Science (LNCS), Springer, 2013.

DOI: http://dx.doi.org/10.1007/978-3-642-36563-8_1

File: http://web.sec.uni-passau.de/papers/2013_Braun_Gemein_Reiser_Posegga-Control-Flow_Integrity_in_Web_Applications.pdf

LogSec - A Smart Browser for Secure Web Sessions

TODO

Web-based Secure Application Control

TODO

2012

A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities

B. Braun, S. Kucher, M. Johns and J. Posegga, "A User-Level Authentication Scheme to Mitigate Web Session-Based Vulnerabilities" in Trust, Privacy and Security in Digital Business (TrustBus '12), Lecture Notes in Computer Science (LNCS), Springer, 2012. pp. 17-29.

DOI: http://dx.doi.org/10.1007/978-3-642-32287-7_2

ISBN: 978-3-642-32286-0

File: http://web.sec.uni-passau.de/papers/2012_Braun_Kucher_Johns_Posegga_SessionImagination.pdf

Angriffe auf OpenID und ihre strafrechtliche Bewertung

B. Braun, P. Gemein, B. Höfling, M. Marc Maisch and A. Seidl, "Angriffe auf OpenID und ihre strafrechtliche Bewertung", Datenschutz und Datensicherheit - DuD, vol. 36, pp. 502-509, 2012. Vieweg Verlag.

DOI: http://dx.doi.org/10.1007/s11623-012-0168-5

File: http://web.sec.uni-passau.de/papers/2012_Braun_Gemein_Hoefling_Maisch_Seidl_Angriffe_auf_OpenID.pdf

BetterAuth: Web Authentication Revisited

M. Johns, S. Lekies, B. Braun and B. Flesch, "BetterAuth: Web Authentication Revisited" in Proceedings of the 2012 Annual Computer Security Applications Conference (ACSAC 2012), 2012.

DOI: http://www.acsac.org/2012/openconf/modules/request.php?module=oc_program&action=summary.php&id=92

File: http://web.sec.uni-passau.de/papers/2012_Johns_Lekies_Braun_Flesch-BetterAuth.pdf

Control-Flow Integrity in Web Applications

TODO

Der Weg ist das Ziel - Kontrollfluss-Integrität in Web-Applikationen sichern

TODO

The Journey Is The Destination

TODO

WebSand - Server-driven Outbound Web-application Sandboxing

TODO

2011

A Survey of Session Fixation Vulnerabilities and a Thorough Solution

TODO

Reliable Protection Against Session Fixation Attacks

M. Johns, B. Braun, M. Schrank and J. Posegga, "Reliable Protection Against Session Fixation Attacks" in Proceedings of the 2011 ACM Symposium on Applied Computing (SAC 2011), TaiChung, Taiwan: ACM, 2011. pp. 1531-1537.

DOI: http://doi.acm.org/10.1145/1982185.1982511

ISBN: 978-1-4503-0113-8

File: http://web.sec.uni-passau.de/papers/2011_Johns_Braun_Schrank_Posegga_SAC2011_SessionFixation.pdf

Towards a Browser Feedback for Multiple TLS Certificate Verifications

TODO

Users and Web Applications: the Good, the Bad and the Ugly

TODO

2010

Ich weiss, was du letzten Sommer (nicht) tun durftest

TODO

Session Fixation - the Forgotten Vulnerability?

M. Schrank, B. Braun, M. Johns and J. Posegga, "Session Fixation - the Forgotten Vulnerability?" in Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit, Lecture Notes in Informatics (LNI), Springer, 2010. pp. 341-352.

DOI: http://subs.emis.de/LNI/Proceedings/Proceedings170/article5744.html

ISBN: 978-3-88579-264-2

File: http://web.sec.uni-passau.de/papers/2010_Schrank_Braun_Johns_Posegga_SICHERHEIT2010_Session_Fixation.pdf

2009

Herausforderungen an Sicherheitsmodelle in neuartigen Anwendungsszenarien

TODO
