Featherweight Firefox: formalizing the core of a web browser

Authors:
Aaron Bohannon;Benjamin C. Pierce
Affiliations:
University of Pennsylvania;University of Pennsylvania
Venue:
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Year:
2010

Citing 3
Cited 8

Subspace: secure cross-domain communication for web mashups

Proceedings of the 16th international conference on World Wide Web
Local Hoare reasoning about DOM

Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Reactive noninterference

Proceedings of the 16th ACM conference on Computer and communications security

ADsafety: type-based verification of JavaScript Sandboxing

SEC'11 Proceedings of the 20th USENIX conference on Security
Reasoning about Web Applications: An Operational Semantics for HOP

ACM Transactions on Programming Languages and Systems (TOPLAS)
A finite-state machine approach for modeling and analyzing restful systems

Journal of Web Engineering
Modeling and reasoning about DOM events

WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Better security and privacy for web browsers: a survey of techniques, and a new implementation

FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
FlowFox: a web browser with flexible and precise information flow control

Proceedings of the 2012 ACM conference on Computer and communications security
Keys to the cloud: formal analysis and concrete attacks on encrypted web storage

POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Combining form and function: static types for JQuery programs

ECOOP'13 Proceedings of the 27th European conference on Object-Oriented Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

We offer a formal specification of the core functionality of a web browser in the form of a small-step operational semantics. The specification accurately models the asynchronous nature of web browsers and covers the basic aspects of windows, DOM trees, cookies, HTTP requests and responses, user input, and a minimal scripting language with first-class functions, dynamic evaluation, and AJAX requests. No security enforcement mechanisms are included--instead, the model is intended to serve as a basis for formalizing and experimenting with different security policies and mechanisms. We survey the most interesting design choices and discuss how our model relates to real web browsers.