We present a method to intercept JavaScript built-in functions with security policies in order to control the behavior of security-relevant events in a web page so that unintended behavior can be prevented. The method is lightweight in the sense that it does not require browser modification, original code transformation, or language restriction (or extension). We also address possible vulnerabilities in the enforcement mechanism, and provide a systematic way to avoid the identified vulnerabilities, including general issues such as object and function subversion, and library-specific problems. The issue of untyped arguments in JavaScript is solved by declarative type checking that implements the call-by-primitive-value idea to avoid possible s...
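As an added illustration (not code from the paper), the sketch below wraps a stand-in built-in with a policy, keeps private references to the functions the monitor relies on, and coerces each argument to a primitive exactly once before the policy sees it, which is one reading of the call-by-primitive-value idea. `host.open`, `enforce`, `shapeShifter` and the URL allowlist are hypothetical names; in a browser the target would be a real built-in.

```javascript
// Added illustration: `host`, `enforce`, `shapeShifter` and the allowlist
// policy are hypothetical; `host.open` stands in for a browser built-in.

// Capture what the monitor relies on before untrusted script can redefine it.
const _String = String;
const _apply = Reflect.apply;
const _startsWith = Function.prototype.call.bind(String.prototype.startsWith);
const _defineProperty = Object.defineProperty;

const host = {
  opened: [],
  open(url) { this.opened.push(String(url)); return true; } // coerces like a native would
};

// Replace obj[name] with a wrapper that consults `policy` before the original runs.
// `types` declares the primitive type expected for each parameter.
function enforce(obj, name, types, policy) {
  const original = obj[name];              // private reference, not reachable via obj
  const wrapper = function () {
    const prim = [];
    for (let i = 0; i < types.length; i++) {
      prim[i] = types[i](arguments[i]);    // coerce each argument exactly once
    }
    if (!policy(prim)) return undefined;   // policy says no: suppress the call
    return _apply(original, this, prim);   // original sees only the checked primitives
  };
  // Lock the slot so later script cannot swap the wrapper out again.
  _defineProperty(obj, name, { value: wrapper, writable: false, configurable: false });
}

const allowSameSite = (args) => _startsWith(args[0], 'https://example.test/');
enforce(host, 'open', [_String], allowSameSite);

// Constructed input: an object whose string value changes between reads.
function shapeShifter() {
  let reads = 0;
  return { toString: () => (reads++ === 0 ? 'https://example.test/ok' : 'https://other.test/') };
}

function demo() {
  host.opened.length = 0;
  const r1 = host.open('https://example.test/page'); // allowed
  const r2 = host.open('https://other.test/');       // suppressed by the policy
  const r3 = host.open(shapeShifter());              // pinned to the value that was checked
  return { r1, r2, r3, opened: host.opened.slice() };
}
```

Without the single coercion step, the policy and the built-in would each convert the object argument separately and could see different strings.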
We observe a rapid growth of web-based applications every day. These applicati...
Securing JavaScript in the browser is an open and challenging problem. Code from pervasive third-par...
In this position paper we argue that aspects are well-suited to describe and i...
We present a method to intercept JavaScript built-in functions with security policies in order to co...
This paper introduces a method to control JavaScript execution. The aim is to prevent or modify inap...
Approaches for safe execution of JavaScript on web pages have been a topic of recent research intere...
Phung et al (ASIACCS’09) describe a method for wrapping built-in functions of JavaScript programs in...
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We ...
The goal of this work was to apply lightweight formal methods to the study of the security of the Ja...
This thesis presents an innovative approach to implementing a security enforcement mechanism in the ...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
Existing approaches to providing security for untrusted JavaScript include isolation of capabilities...
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Wi...
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web a...
We present new attacks and robust countermeasures for security-sensitive compo...