WebPol: Fine-Grained Information Flow Policies for Web Browsers

[1]  Vishaldeep Sharma,et al.  Cost sharing exemptions , 2018, ERA Forum.

[2]  David A. Naumann,et al.  Inlined Information Flow Monitoring for JavaScript , 2015, CCS.

[3]  Deepak Garg,et al.  Information Flow Control for Event Handling and the DOM in Web Browsers , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[4]  Yuan Tian,et al.  Run-time Monitoring and Formal Analysis of Information Flows in Chromium , 2015, NDSS.

[5]  Deian Stefan,et al.  Protecting Users by Confining JavaScript with COWL , 2014, OSDI.

[6]  Dominique Devriese,et al.  Stateful Declassification Policies for Event-Driven Programs , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[7]  Arnar Birgisson,et al.  JSFlow: tracking information flow in JavaScript and its APIs , 2014, SAC.

[8]  Deepak Garg,et al.  Information Flow Control in WebKit's JavaScript Bytecode , 2014, POST.

[9]  Zhenkai Liang,et al.  Protecting sensitive web content from client-side vulnerabilities with CRYPTONS , 2013, CCS.

[10]  Andrei Sabelfeld,et al.  Secure Multi-execution: Fine-Grained, Declassification-Aware, and Transparent , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[11]  Frank Piessens,et al.  JSand: complete client-side sandboxing of third-party JavaScript without browser modifications , 2012, ACSAC '12.

[12]  Dominique Devriese,et al.  FlowFox: a web browser with flexible and precise information flow control , 2012, CCS '12.

[13]  Andrei Sabelfeld,et al.  Information-Flow Security for a Core of JavaScript , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[14]  Armando Solar-Lezama,et al.  A language for automatically enforcing privacy policies , 2012, POPL '12.

[15]  Thomas H. Austin,et al.  Multiple facets for dynamic information flow , 2012, POPL '12.

[16]  Wouter Joosen,et al.  WebJail: least-privilege integration of third-party components in web mashups , 2011, ACSAC '11.

[17]  Adam Barth,et al.  The Web Origin Concept , 2011, RFC.

[18]  Deian Stefan,et al.  Disjunction Category Labels , 2011, NordSec.

[19]  Alan Cleary,et al.  Information flow analysis for javascript , 2011, PLASTIC '11.

[20]  Yuchen Zhou,et al.  Protecting Private Web Content from Embedded Scripts , 2011, ESORICS.

[21]  Marco Pistoia,et al.  Saving the world wide web from vulnerable JavaScript , 2011, ISSTA '11.

[22]  Sorin Lerner,et al.  An empirical study of privacy-violating information flows in JavaScript web applications , 2010, CCS '10.

[23]  V. N. Venkatakrishnan,et al.  AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements , 2010, USENIX Security Symposium.

[24]  Zhou Li,et al.  Mash-IF: Practical information-flow control within client-side mashups , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[25]  Dominique Devriese,et al.  Noninterference through Secure Multi-execution , 2010, 2010 IEEE Symposium on Security and Privacy.

[26]  Benjamin Livshits,et al.  ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.

[27]  David Sands,et al.  Declassification: Dimensions and principles , 2009, J. Comput. Secur..

[28]  Sorin Lerner,et al.  Staged information flow for javascript , 2009, PLDI '09.

[29]  Mark S. Miller,et al.  Robust composition: towards a unified approach to access control and concurrency control , 2006 .