论文信息 - JavaScript instrumentation for browser security

JavaScript instrumentation for browser security

It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We propose to battle such attacks using program instrumentation. Untrusted JavaScript code goes thro...

ChanderAjay | IslamNayeem | YuDachuan | SerikovIgor

[1] Úlfar Erlingsson,et al. SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[2] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[3] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[4] David Walker,et al. A type system for expressive security policies , 2000, POPL '00.

[5] Robert Wahbe,et al. Efficient software-based fault isolation , 1994, SOSP '93.

[6] Lujo Bauer,et al. Edit automata: enforcement mechanisms for run-time security policies , 2005, International Journal of Information Security.

[7] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.

[8] Sophia Drossopoulou,et al. Towards Type Inference for JavaScript , 2005, ECOOP.

[9] Lujo Bauer,et al. Composing security policies with polymer , 2005, PLDI '05.

[10] Dan S. Wallach,et al. Termination in language-based systems , 2002, TSEC.

[11] Peter Thiemann. Towards a Type System for Analyzing JavaScript Programs , 2005, ESOP.

[12] David E. Evans,et al. Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).