Proceedings of the 7th ACM conference on Computer and communications security
Abstracting application-level web security
Proceedings of the 11th international conference on World Wide Web
Developing Secure Web Applications
IEEE Internet Computing
AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
Detecting Malicious JavaScript Code in Mozilla
ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Invasive browser sniffing and countermeasures
Proceedings of the 15th international conference on World Wide Web
Protecting browser state from web privacy attacks
Proceedings of the 15th international conference on World Wide Web
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Developers Guide to Web Application Security
Practical taint-based protection using demand emulation
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
A taxonomy of JavaScript redirection spam
AIRWeb '07 Proceedings of the 3rd international workshop on Adversarial information retrieval on the web
BrowserShield: Vulnerability-driven filtering of dynamic HTML
ACM Transactions on the Web (TWEB)
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Centralized Web Proxy Services: Security and Privacy Considerations
IEEE Internet Computing
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks
IEEE Security and Privacy
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
IEEE Transactions on Software Engineering
End-to-end web application security
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Detecting in-flight page changes with web tripwires
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Consumer adoption of internet banking in Nigeria
International Journal of Electronic Finance
Talking to strangers without taking their candy: isolating proxied content
Proceedings of the 1st Workshop on Social Network Systems
Doloto: code splitting for network-bound web 2.0 applications
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Resolving JavaScript Vulnerabilities in the Browser Runtime
ISSRE '08 Proceedings of the 2008 19th International Symposium on Software Reliability Engineering
JavaScript Instrumentation in Practice
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
AOJS: aspect-oriented javascript programming framework for web development
Proceedings of the 8th workshop on Aspects, components, and patterns for infrastructure software
Securing frame communication in browsers
Communications of the ACM - One Laptop Per Child: Vision vs. Reality
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
XSS Attacks: Cross Site Scripting Exploits and Defense
Object views: fine-grained sharing in browsers
Proceedings of the 19th international conference on World wide web
Isolating JavaScript with filters, rewriting, and wrappers
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Cross-origin javascript capability leaks: detection, exploitation, and defense
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Security and privacy concerns remain a major factor hindering the wholesale adoption of web-based technology in sensitive situations, such as financial transactions (Gao and Owolabi, 2008; Lichtenstein and Williamson, 2006). These concerns affect both end users and content generators. Tackling this problem requires a technology complementary to the already developed and deployed infrastructure for web security. Hence, we have developed a multi-layer framework for web client security based on mobile code instrumentation. This architecture seeks to isolate exploitable security vulnerabilities and enforce runtime policies against malicious code constructs. Our instrumentation process uniquely integrates both static and dynamic engines and is driven by flexible (XML-based) rewrite rules for scalable operation and transparent deployment. Based on secure equivalents for vulnerable JavaScript objects and methods, our mechanism offers superior runtime performance compared to other approaches. Extensive investigation using four case studies shows that the instrumentation technique provides a potential solution to curb the rising number of security exploits that exist on the web today. In addition, performance data gathered from evaluations on active websites demonstrate that the mechanism has very little impact on user experience, thus making it plausible for adoption by end users.