ADsafety: type-based verification of JavaScript Sandboxing
SEC'11 Proceedings of the 20th USENIX conference on Security
Towards a program logic for JavaScript
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A two-tier sandbox architecture for untrusted JavaScript
Proceedings of the Workshop on JavaScript Tools
Tracking the trackers: fast and scalable dynamic analysis of web content for privacy violations
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Proceedings of the 2012 Haskell Symposium
Secure multi-execution through static program transformation
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
An analysis of the mozilla jetpack extension framework
ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
A tested semantics for getters, setters, and eval in JavaScript
Proceedings of the 8th symposium on Dynamic languages
Formal specification of a JavaScript module system
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Hails: protecting data privacy in untrusted web applications
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Fully abstract compilation to JavaScript
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed electronic rights in javascript
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
The need for capability policies
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Toward principled browser security
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
All about the with statement in JavaScript: removing with statements in JavaScript applications
Proceedings of the 9th symposium on Dynamic languages
Flexible access control for javascript
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Modelling Access Propagation in Dynamic Systems
ACM Transactions on Information and System Security (TISSEC)
Language-based defenses against untrusted browser origins
SEC'13 Proceedings of the 22nd USENIX conference on Security
A trusted mechanised JavaScript specification
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Gradual typing embedded securely in JavaScript
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Security Signature Inference for JavaScript-based Browser Addons
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
Hi-index | 0.00 |
JavaScript is widely used to provide client-side functionality in Web applications. To provide services ranging from maps to advertisements, Web applications may incorporate untrusted JavaScript code from third parties. The trusted portion of each application may then expose an API to untrusted code, interposing a reference monitor that mediates access to security-critical resources. However, a JavaScript reference monitor can only be effective if it cannot be circumvented through programming tricks or programming language idiosyncrasies. In order to verify complete mediation of critical resources for applications of interest, we define the semantics of a restricted version of JavaScript devised by the ECMA Standards committee for isolation purposes, and develop and test an automated tool that can soundly establish that a given API cannot be circumvented or subverted. Our tool reveals a previously-undiscovered vulnerability in the widely-examined Yahoo! AD Safe filter and verifies confinement of the repaired filter and other examples from the Object-Capability literature.