Phung et al (ASIACCS’09) describe a method for wrapping built-in functions of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code norbrowser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies – i.e. policies upon which attacker code has no side effects
This thesis presents an innovative approach to implementing a security enforcement mechanism in the ...
JavaScript has become an intrinsic part of web applications. But it has a dynamic execution nature i...
International audienceWe present new attacks and robust countermeasures for security-sensitive compo...
Phung et al (ASIACCS’09) describe a method for wrapping built-in functions of JavaScript programs in...
We present a method to intercept JavaScript built-in functions with security policies in order to co...
This paper introduces a method to control JavaScript execution. The aimis to prevent or modify inapp...
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We ...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...
Approaches for safe execution of JavaScript on web pages have been a topic of recent research intere...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implem...
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Wi...
International audienceIn this position paper we argue that aspects are well-suited to describe and i...
International audienceDefensive JavaScript (DJS) is a typed subset of JavaScript that guarantees tha...
Abstract. Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functi...
This thesis presents an innovative approach to implementing a security enforcement mechanism in the ...
JavaScript has become an intrinsic part of web applications. But it has a dynamic execution nature i...
International audienceWe present new attacks and robust countermeasures for security-sensitive compo...
Phung et al (ASIACCS’09) describe a method for wrapping built-in functions of JavaScript programs in...
We present a method to intercept JavaScript built-in functions with security policies in order to co...
This paper introduces a method to control JavaScript execution. The aimis to prevent or modify inapp...
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We ...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...
Approaches for safe execution of JavaScript on web pages have been a topic of recent research intere...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implem...
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Wi...
International audienceIn this position paper we argue that aspects are well-suited to describe and i...
International audienceDefensive JavaScript (DJS) is a typed subset of JavaScript that guarantees tha...
Abstract. Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functi...
This thesis presents an innovative approach to implementing a security enforcement mechanism in the ...
JavaScript has become an intrinsic part of web applications. But it has a dynamic execution nature i...
International audienceWe present new attacks and robust countermeasures for security-sensitive compo...