Preventing Capability Leaks in Secure JavaScript Subsets

by Matthew Finifter , Joel Weinberger , Adam Barth
Citations:16 - 2 self

Documents Related by Co-Citation

51 CONSCRIPT: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser – Benjamin Livshits, Leo Meyerovich - 2009
55 Gatekeeper: Mostly static enforcement of security and reliability policies for JavaScript code – Benjamin Livshits, Salvatore Guarnieri - 2009
78 BrowserShield: Vulnerability-driven filtering of dynamic HTML – Charles Reis, John Dunagan, Helen J. Wang, Opher Dubrovsky, Saher Esmeir
18 Object views: Fine-grained sharing in browsers – Leo A. Meyerovich, A. Porter Felt, Mark S. Miller, Google Inc - 2010
24 Lightweight Self-Protecting JavaScript – Phu H. Phung, David Sands, Andrey Chudnov - 2009
41 Static analysis for Ajax intrusion detection – Arjun Guha, Shriram Krishnamurthi, Trevor Jim - 2009
25 Adjail: practical enforcement of confidentiality and integrity policies on web advertisements – Mike Ter Louw, Karthik Thotta Ganesh, V N Venkatakrishnan - 2010
26 Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers – Mike Ter Louw, V. N. Venkatakrishnan - 2009
39 Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense – Yacin Nadji, Prateek Saxena, Dawn Song
53 Protection and communication abstractions for Web browsers in MashupOS – H J Wang, X Fan, J Howell, C Jackson - 2007
64 Caja: Safe active content in sanitized JavaScript. Google white paper. http://google-caja.googlecode.com – Mark S. Miller, Mike Samuel, Ben Laurie, Ihab Awad, Mike Stay
14 Attacks on JavaScript Mashup Communication – Adam Barth, Collin Jackson, William Li
26 OMash: enabling secure web mashups via object abstractions – Steven Crites, Francis Hsu, Hao Chen - 2008
85 Defeating Script Injection Attacks with Browser-Enforced Embedded Policies – Trevor Jim - 2007
65 JavaScript Instrumentation for Browser Security – D Yu, A Chander, N Islam, I Serikov - 2007
48 Subspace: Secure cross-domain communication for web mashups – C Jackson, H J Wang
38 Protecting Browsers from Extension Vulnerabilities – Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron Boodman
25 VEX: Vetting Browser Extensions For Security Vulnerabilities – Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, Marianne Winslett
9 Run-Time Enforcement of Secure JavaScript Subsets – Sergio Maffeis, John C. Mitchell, Ankur Taly