The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.