Security Signature Inference for JavaScript-based Browser Addons

The program dependence graph and its use in optimization

ACM Transactions on Programming Languages and Systems (TOPLAS)

A core calculus of dependency

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Abstract interpretation of operational semantics for secure information flow

Information Processing Letters

Slicing Programs with Arbitrary Control-flow

AADEBUG '93 Proceedings of the First International Workshop on Automated and Algorithmic Debugging

Slicing java programs that throw and catch exceptions

Proceedings of the 2003 ACM SIGPLAN workshop on Partial evaluation and semantics-based program manipulation

JavaScript instrumentation for browser security

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Points-to analysis for JavaScript

Proceedings of the 2009 ACM symposium on Applied Computing

Staged information flow for javascript

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation

Type Analysis for JavaScript

SAS '09 Proceedings of the 16th International Symposium on Static Analysis

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

International Journal of Information Security

Analyzing Information Flow in JavaScript-Based Browser Extensions

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference

GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code

SSYM'09 Proceedings of the 18th conference on USENIX security symposium

An empirical study of privacy-violating information flows in JavaScript web applications

Proceedings of the 17th ACM conference on Computer and communications security

VEX: vetting browser extensions for security vulnerabilities

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

Securing script-based extensibility in web browsers

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

Verified Security for Browser Extensions

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy

Automated Analysis of Security-Critical JavaScript APIs

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy

Modeling the HTML DOM and browser API in static analysis of JavaScript web applications

Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering

Static analysis of string values

ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering

Information flow analysis for javascript

Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients

Towards type inference for javascript

ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming

Abstract interpretation to check secure information flow in programs with input-output security annotations

FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust

Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Information-Flow Security for a Core of JavaScript

CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium

An analysis of the mozilla jetpack extension framework

ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming

Type-based dependency analysis for javascript

Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security