Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
Local Hoare reasoning about DOM
Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Proceedings of the 16th ACM conference on Computer and communications security
ADsafety: type-based verification of JavaScript Sandboxing
SEC'11 Proceedings of the 20th USENIX conference on Security
Reasoning about Web Applications: An Operational Semantics for HOP
ACM Transactions on Programming Languages and Systems (TOPLAS)
A finite-state machine approach for modeling and analyzing restful systems
Journal of Web Engineering
Modeling and reasoning about DOM events
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Better security and privacy for web browsers: a survey of techniques, and a new implementation
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
Keys to the cloud: formal analysis and concrete attacks on encrypted web storage
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Combining form and function: static types for JQuery programs
ECOOP'13 Proceedings of the 27th European conference on Object-Oriented Programming
Hi-index | 0.00 |
We offer a formal specification of the core functionality of a web browser in the form of a small-step operational semantics. The specification accurately models the asynchronous nature of web browsers and covers the basic aspects of windows, DOM trees, cookies, HTTP requests and responses, user input, and a minimal scripting language with first-class functions, dynamic evaluation, and AJAX requests. No security enforcement mechanisms are included--instead, the model is intended to serve as a basis for formalizing and experimenting with different security policies and mechanisms. We survey the most interesting design choices and discuss how our model relates to real web browsers.