JavaScript instrumentation in practice

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5356 LNCS, Issue , 2008, Pages 326-341

  Kikuchi, Haruka ^a   Yu, Dachuan ^b   Chander, Ajay ^b   Inamura, Hiroshi ^b   Serikov, Igor ^b  

^a NTT DOCOMO   (Japan)

^b DOCOMO USA LABS   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

HIGH LEVEL LANGUAGES;

CODE INSTRUMENTATION; CONSTRUCTION METHOD; JAVASCRIPT; POLICY-BASED; REAL WORLD WEB; SECURITY POLICY; THEORETICAL FRAMEWORK;

WEB BROWSERS;

EID: 58549099340     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89330-1_23     Document Type: Conference Paper

References (19)

1. Apple Inc. Safari mobile on iphone, http://www.apple.com/iphone/internet/
2. Christey, S., Martin, R.A.: Vulnerability type distributions in CVE (2007), http://cve.mitre.org/
3. ECMA International. ECMAScript language specification. Standard ECMA-262, 3rd Edition (December 1999)
4. Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: A retrospective. In: Proc. 1999 New Security Paradigms Workshop, Caledon Hills, Ontario, Canada, pp. 87-95 (September 1999)
5. Erlingsson, U., Schneider, F.B.: IRM enforcement of Java stack inspection. In: Proc. IEEE S&P (2000)
6. Evans, D., Twyman, A.: Flexible policy-directed code safety. In: Proc. 20th IEEE S&P, pp. 32-47 (1999)
7. Hewitt, J.: Firebug-web development evolved, http://www.getfirebug.com/
8. Kiciman, E., Livshits, B.: Ajax Scope: a platform for remotely monitoring the client-side behavior of web 2.0 applications. In: Proc. SOSP 2007, pp. 17-30 (2007)
9. Kikuchi, H., Yu, D., Chander, A., Inamura, H., Serikov, I.: Javascript instrumentation in practice. Technical Report DCL-TR-2008-0053, DoCoMo USA Labs (June 2008), http://www.docomolabsresearchers-usa.com/~dyu/jiip-tr.pdf
10. Kirda, E., Kruegel, C., Vigna, G., Jovanovic, N.: Noxes: a client-side solution for mitigating cross-site scripting attacks. In: Proc. 2006 ACM Symposium on Applied Computing, pp. 330-337 (2006)
11. Kiriansky, V., Bruening, D., Amarasinghe, S.P: Secure execution via program shepherding. In: Proc. 11th USENIX Security Symposium, pp. 191-206 (2002)
12. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(2), 2-16 (2005)
13. Luotonen, A.: Tunneling TCP based protocols through web proxy servers. IETF RFC 2616 (1998)
14. OWASP Foundation. The ten most critical web application security vulnerabilities (2007), http://www.owasp.org/
15. Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: Browser Shield: Vulnerability-driven filtering of dynamic HTML. In: Proc. OSDI 2006, Seattle, WA (2006)
16. Schneider, F.B.: Enforceable security policies. Trans. on Information & System Security 3(1), 30-50 (2000)
17. van Kesteren, A., Jackson, D.: The XMLHttp Request object. W3C working draft (2006), http://www.w3.org/TR/XMLHttpRequest/
18. Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: Proc. SOSP 1993, Asheville, NC, pp. 203-216 (1993)
19. Yu, D., Chander, A., Islam, N., Serikov, I.: Java Script instrumentation for browser security. In: Proc. POPL 2007, Nice, France, pp. 237-249 (January 2007)