Information-flow security for JavaScript and its APIs
暂无分享,去创建一个
[1] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[2] Wouter Joosen,et al. Security of Web Mashups: A Survey , 2010, NordSec.
[3] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[4] Arnar Birgisson,et al. Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing , 2012, ESORICS.
[5] Alejandro Russo,et al. Securing Timeout Instructions in Web Applications , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.
[6] Alejandro Russo,et al. Tracking Information Flow in Dynamic Tree Structures , 2009, ESORICS.
[7] Julien Lironcourt. Internet Security Seminar Analyzing Information Flow in JavaScript-based Browser Extensions , 2010 .
[8] Dominique Devriese,et al. Noninterference through Secure Multi-execution , 2010, 2010 IEEE Symposium on Security and Privacy.
[9] John C. Mitchell,et al. Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.
[10] Dominique Devriese,et al. FlowFox: a web browser with flexible and precise information flow control , 2012, CCS '12.
[11] Úlfar Erlingsson,et al. Automated Analysis of Security-Critical JavaScript APIs , 2011, 2011 IEEE Symposium on Security and Privacy.
[12] Anindya Banerjee,et al. Stack-based access control and secure information flow , 2005, J. Funct. Program..
[13] Marco Pistoia,et al. Saving the world wide web from vulnerable JavaScript , 2011, ISSTA '11.
[14] Andrei Sabelfeld,et al. Tight Enforcement of Information-Release Policies for Dynamic Languages , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.
[15] Benjamin Livshits,et al. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code , 2009, USENIX Security Symposium.
[16] Jonas Magazinius,et al. Architectures for Inlining Security Monitors in Web Applications , 2014, ESSoS.
[17] Thomas H. Austin,et al. Permissive dynamic information flow analysis , 2010, PLAS '10.
[18] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[19] Peter Thiemann. Towards Specializing JavaScript Programs , 2014, Ershov Memorial Conference.
[20] Dominique Devriese,et al. Stateful Declassification Policies for Event-Driven Programs , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.
[21] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[22] Andrei Sabelfeld,et al. Value Sensitivity and Observable Abstract Values for Information Flow Control , 2015, LPAR.
[23] Jonas Magazinius,et al. A lattice-based approach to mashup security , 2010, ASIACCS '10.
[24] Frank Piessens,et al. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications , 2012, ACSAC '12.
[25] Zhou Li,et al. Mash-IF: Practical information-flow control within client-side mashups , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).
[26] Andrei Sabelfeld,et al. Limiting information leakage in event-based communication , 2011, PLAS '11.
[27] Deian Stefan,et al. Toward Principled Browser Security , 2013, HotOS.
[28] Sorin Lerner,et al. Staged information flow for javascript , 2009, PLDI '09.
[29] Thomas H. Austin,et al. Efficient purely-dynamic information flow analysis , 2009, PLAS '09.
[30] Andrew C. Myers,et al. Programming Languages for Information Security , 2002 .
[31] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[32] David A. Naumann,et al. Inlined Information Flow Monitoring for JavaScript , 2015, CCS.
[33] Arthur Charguéraud,et al. A trusted mechanised JavaScript specification , 2014, POPL.
[34] Sorin Lerner,et al. An empirical study of privacy-violating information flows in JavaScript web applications , 2010, CCS '10.
[35] Arnar Birgisson,et al. JSFlow: tracking information flow in JavaScript and its APIs , 2014, SAC.
[36] Geoffrey Smith,et al. A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..
[37] Andrei Sabelfeld,et al. Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.
[38] David A. Schmidt,et al. Automata-Based Confidentiality Monitoring , 2006, ASIAN.
[39] Alan Cleary,et al. Information flow analysis for javascript , 2011, PLASTIC '11.
[40] Dennis M. Volpano. Safety versus Secrecy , 1999, SAS.
[41] Benjamin C. Pierce,et al. Featherweight Firefox: Formalizing the Core of a Web Browser , 2010, WebApps.
[42] Peter J. Denning,et al. Certification of programs for secure information flow , 1977, CACM.
[43] Thomas H. Austin,et al. Multiple facets for dynamic information flow , 2012, POPL '12.
[44] Ajay Chander,et al. JavaScript instrumentation for browser security , 2007, POPL '07.
[45] Alejandro Russo,et al. From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research , 2009, Ershov Memorial Conference.
[46] François Pottier,et al. Information flow inference for ML , 2003, TOPL.
[47] Benjamin C. Pierce,et al. Reactive noninterference , 2009, CCS.
[48] Deepak Garg,et al. Generalizing Permissive-Upgrade in Dynamic Information Flow Analysis , 2014, PLAS@ECOOP.
[49] Dominique Devriese,et al. Reactive non-interference for a browser model , 2011, 2011 5th International Conference on Network and System Security.
[50] Wouter Joosen,et al. You are what you include: large-scale evaluation of remote javascript inclusions , 2012, CCS.
[51] Deepak Garg,et al. Information Flow Control in WebKit's JavaScript Bytecode , 2014, POST.
[52] Andrei Sabelfeld,et al. Secure Multi-execution: Fine-Grained, Declassification-Aware, and Transparent , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.
[53] Marianne Winslett,et al. Vetting browser extensions for security vulnerabilities with VEX , 2011, CACM.
[54] Andrei Sabelfeld,et al. Information-Flow Security for a Core of JavaScript , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.
[55] Benjamin Livshits,et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.
[56] Nataliia Bielova,et al. Hybrid Information Flow Monitoring against Web Tracking , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.
[57] Ankur Taly,et al. An Operational Semantics for JavaScript , 2008, APLAS.
[58] Shriram Krishnamurthi,et al. The Essence of JavaScript , 2010, ECOOP.
[59] Alejandro Russo,et al. On-the-fly inlining of dynamic security monitors , 2010, Comput. Secur..
[60] Alejandro Russo,et al. Dynamic vs. Static Flow-Sensitive Security Analysis , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.
[61] Andrew C. Myers,et al. Jif: java information flow , 1999 .
[62] Robert Tappan Morris,et al. Privacy-preserving browser-side scripting with BFlow , 2009, EuroSys '09.
[63] Jeffrey S. Fenton. Memoryless Subsystems , 1974, Comput. J..