Web sites routinely incorporate JavaScript programs from several sources into a single page. These sources must be protected from one another, which requires robust sandboxing. The many entry-points of sandboxes and the subtleties of JavaScript demand robust verification of the actual sandbox source. We use a novel type system for JavaScript to encode and verify sandboxing properties. The resulting verifier is lightweight and efficient, and operates on actual source. We demonstrate the effectiveness of our technique by applying it to ADsafe, which revealed several bugs and other weaknesses.