IEEE Transactions on Software Engineering
JRes: a resource accounting interface for Java
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
IEEE Internet Computing
IEEE Internet Computing
Protecting Mobile Code in the Wild
IEEE Internet Computing
A Reference Architecture for Web Servers
WCRE '00 Proceedings of the Seventh Working Conference on Reverse Engineering (WCRE'00)
IEEE Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Mobile Code Paradigms and Security Issues
IEEE Internet Computing
A Reference Architecture for Web Browsers
ICSM '05 Proceedings of the 21st IEEE International Conference on Software Maintenance
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
SP 800-44 Version 2. Guidelines on Securing Public Web Servers
SP 800-44 Version 2. Guidelines on Securing Public Web Servers
Hi-index | 0.00 |
Active content technologies allow code, in the form of a script, macro, or other kind of portable instruction representation, to execute when the document is rendered. Like any technology, active content can be used to deliver essential services, but it can also become a source of vulnerability for exploitation by an attacker. The purpose of this document is to provide an overview of active content and mobile code technologies in use today and offer insights for making informed IT security decisions on their application and treatment. The discussion gives details about the threats, technology risks, and safeguards for end user systems, such as desktops and laptops. Although various end user applications, such as email clients, can involve active content, Web browsers remain the primary vehicle for delivery and are underscored in the discussion. The tenets presented for Web browsers apply equally well to other end user applications and can be inferred directly.