Separating web applications from user data storage with BSTORE
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
FIRM: capability-based inline mediation of Flash behaviors
Proceedings of the 26th Annual Computer Security Applications Conference
Scrambling for lightweight censorship resistance
SP'11 Proceedings of the 19th international conference on Security Protocols
SessionJuggler: secure web login from an untrusted terminal using session hijacking
Proceedings of the 21st international conference on World Wide Web
Jigsaw: efficient, low-effort mashup isolation
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools
Language-based defenses against untrusted browser origins
SEC'13 Proceedings of the 22nd USENIX conference on Security
Building web applications on top of encrypted data using Mylar
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
We take a systematic approach to developing a symmetric cryptography library in Javascript. We study various strategies for optimizing the code for the Javascript interpreter, and observe that traditional crypto optimization techniques do not apply when implemented in Javascript. We propose a number of optimizations that reduce both running time and code size. Our optimized library is about four times faster and 12% smaller than the fastest and smallest existing symmetric Javascript encryption libraries. On Internet Explorer 8, our library is about 11 times faster than the fastest previously existing code. In addition, we show that certain symmetric systems that are faster than AES when implemented in native x86 code, are in fact much slower than AES when implemented in Javascript. As a result, the choice of ciphers for a Javascript crypto library may be substantially different from the choice of ciphers when implementing crypto natively. Finally, we study the problem of generating strong randomness in Javascript and give extensive measurements validating our techniques.