OOPSLA '87 Conference proceedings on Object-oriented programming systems, languages and applications
Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
The structure and performance of interpreters
Proceedings of the seventh international conference on Architectural support for programming languages and operating systems
Design and implementation of a distributed virtual machine for networked computers
Proceedings of the seventeenth ACM symposium on Operating systems principles
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Java Virtual Machine Specification
Java Virtual Machine Specification
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Deanonymizing Users of the SafeWeb Anonymizing Service
Proceedings of the 11th USENIX Security Symposium
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Memory resource management in VMware ESX server
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Democratizing content publication with coral
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
OPUS: online patches and updates for security
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Instrumentation and optimization of Win32/intel executables using Etch
NT'97 Proceedings of the USENIX Windows NT Workshop on The USENIX Windows NT Workshop 1997
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Privacy-preserving browser-side scripting with BFlow
Proceedings of the 4th ACM European conference on Computer systems
Characterizing insecure javascript practices on the web
Proceedings of the 18th international conference on World wide web
BogusBiter: A transparent protection against phishing attacks
ACM Transactions on Internet Technology (TOIT)
Reining in the web with content security policy
Proceedings of the 19th international conference on World wide web
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
An automatic HTTP cookie management system
Computer Networks: The International Journal of Computer and Telecommunications Networking
ToMaTo: a trustworthy code mashup development tool
Proceedings of the 5th International Workshop on Web APIs and Service Mashups
WebJail: least-privilege integration of third-party components in web mashups
Proceedings of the 27th Annual Computer Security Applications Conference
μPython: non-majors programming from the very first lecture
Proceedings of the 17th ACM annual conference on Innovation and technology in computer science education
Better security and privacy for web browsers: a survey of techniques, and a new implementation
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
You are what you include: large-scale evaluation of remote javascript inclusions
Proceedings of the 2012 ACM conference on Computer and communications security
JSand: complete client-side sandboxing of third-party JavaScript without browser modifications
Proceedings of the 28th Annual Computer Security Applications Conference
A measurement study of insecure javascript practices on the web
ACM Transactions on the Web (TWEB)
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [43]. In this paper, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at run-time. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at run-time. The rewritten pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield, a system that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized run-time actions like vulnerability-driven filtering.