Proceedings of the 7th ACM conference on Computer and communications security
Secure Execution of Java Applets Using a Remote Playground
IEEE Transactions on Software Engineering
Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
IEEE Security and Privacy
Protecting browser state from web privacy attacks
Proceedings of the 15th international conference on World Wide Web
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
End-to-end web application security
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Talking to strangers without taking their candy: isolating proxied content
Proceedings of the 1st Workshop on Social Network Systems
JavaScript Instrumentation in Practice
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
SS'08 Proceedings of the 17th conference on Security symposium
Securing frame communication in browsers
SS'08 Proceedings of the 17th conference on Security symposium
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Language-Based Isolation of Untrusted JavaScript
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Analyzing and Detecting Malicious Flash Advertisements
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Reining in the web with content security policy
Proceedings of the 19th international conference on World wide web
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
System security, platform security and usability
Proceedings of the fifth ACM workshop on Scalable trusted computing
WebAppArmor: a framework for robust prevention of attacks on web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
ADsafety: type-based verification of JavaScript Sandboxing
SEC'11 Proceedings of the 20th USENIX conference on Security
Protecting private web content from embedded scripts
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
ToMaTo: a trustworthy code mashup development tool
Proceedings of the 5th International Workshop on Web APIs and Service Mashups
AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements
Proceedings of the 27th Annual Computer Security Applications Conference
WebJail: least-privilege integration of third-party components in web mashups
Proceedings of the 27th Annual Computer Security Applications Conference
A two-tier sandbox architecture for untrusted JavaScript
Proceedings of the Workshop on JavaScript Tools
Security of web mashups: a survey
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
TreeHouse: JavaScript sandboxes to helpWeb developers help themselves
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
JavaScript in JavaScript (js.js): sandboxing third-party scripts
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Privilege separation in HTML5 applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Better security and privacy for web browsers: a survey of techniques, and a new implementation
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Serene: self-reliant client-side protection against session fixation
DAIS'12 Proceedings of the 12th IFIP WG 6.1 international conference on Distributed Applications and Interoperable Systems
Secure multi-execution through static program transformation
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Enhancing javascript with transactions
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
Knowing your enemy: understanding and detecting malicious web advertising
Proceedings of the 2012 ACM conference on Computer and communications security
You are what you include: large-scale evaluation of remote javascript inclusions
Proceedings of the 2012 ACM conference on Computer and communications security
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
JSand: complete client-side sandboxing of third-party JavaScript without browser modifications
Proceedings of the 28th Annual Computer Security Applications Conference
Improving access control for browsers using dynamic scoping
Proceedings of the 51st ACM Southeast Conference
Flexible access control for javascript
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A secure proxy-based cross-domain communication for web mashups
Journal of Web Engineering
Hi-index | 0.00 |
Web publishers frequently integrate third-party advertisements into web pages that also contain sensitive publisher data and end-user personal data. This practice exposes sensitive page content to confidentiality and integrity attacks launched by advertisements. In this paper, we propose a novel framework for addressing security threats posed by third-party advertisements. The heart of our framework is an innovative isolation mechanism that enables publishers to transparently interpose between advertisements and end users. The mechanism supports finegrained policy specification and enforcement, and does not affect the user experience of interactive ads. Evaluation of our framework suggests compatibility with several mainstream ad networks, security from many threats from advertisements and acceptable performance overheads.