Object views: Fine-grained sharing in browsers

Proceedings of the 19th International Conference on World Wide Web, WWW '10

Volumn , Issue , 2010, Pages 721-730

  Meyerovich, Leo A ^a   Felt, Adrienne Porter ^a   Miller, Mark S ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b GOOGLE INC   (United States)

Author keywords

aspect; browser; ecmascript; javascript; membrane; reference monitor; remote object; same origin policy; web security; wrapper

Indexed keywords

ASPECT; JAVASCRIPT; REFERENCE MONITORS; REMOTE OBJECT; SAME-ORIGIN POLICY; WEB SECURITY;

MESSAGE PASSING; WORLD WIDE WEB;

HIGH LEVEL LANGUAGES;

EID: 77954593323     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1772690.1772764     Document Type: Conference Paper

References (31)

1. FBJS - Facebok Developers Wiki. http://wiki.developers.facebook.com/ index.php/FBJS/, 2008.
2. A. Barth, C. Jackson, and W. Li. Attacks on JavaScript Mashup Communication. In Web 2.0 Security and Privacy, 2009.
3. A. Barth, C. Jackson, C. Reis, and The Google Chrome Team. The Security Architecture of the Chromium Browser. Technical report, Google Inc., 2008.
4. S. Crites, F. Hsu, and H. Chen. OMash: Enabling Secure Web Mashups via Object Abstractions. In 15th ACM Conference on Computer and Communications Security, pages 99-108, New York, NY, USA, 2008. ACM.
5. D. S. Dantas and D. Walker. Harmless Advice. In 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 383-396, New York, NY, USA, 2006. ACM.
6. O. Danvy. Back to Direct Style. In 4th European Symposium on Programming, pages 130-150, London, UK, 1992. Springer-Verlag.
7. ECMAScript Wiki. weak references. http://wiki.ecmascript.org/doku.php?id= strawman:weak-references.
8. U. Erlingsson, B. Livshits, and Y. Xie. End-to-End Web Application Security. In 11th USENIX Workshop on Hot Topics in Operating Systems, pages 1-6, Berkeley, CA, USA, 2007. USENIX Association.
9. J. N. Foster, B. C. Pierce, and S. Zdancewic. Updatable security views. In IEEE Computer Security Foundations Symposium (CSF), Port Jefferson, NY, July 2009. To appear.
10. A. Gavrilov. Balls animation test. http://bubblemark/, 2007.
11. M. Greenberg and S. Krishnamurthi. Declarative, Composable Views, May 2007. Undergraduate Thesis.
12. C. Grier, S. Tang, and S. T. King. Secure Web Browsing with the OP Web Browser. In IEEE Symposium on Security and Privacy, May 2008.
13. S. Guarnieri and B. Livshits. Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. In USENIX Security Symposium, Aug. 2009.
14. A. Guha, S. Krishnamurthi, and T. Jim. Using Static Analysis for AJAX Intrusion Detection. In 18th International Conference on World Wide Web, pages 561-570, New York, NY, USA, 2009. ACM.
15. A. Guha, J. Matthews, R. B. Findler, and S. Krishnamurthi. Relationally-parametric polymorphic contracts. In DLS '07: Proceedings of the 2007 symposium on Dynamic languages, pages 29-40, New York, NY, USA, 2007. ACM.
16. J. Howell, C. Jackson, H. J. Wang, and X. Fan. MashupOS: Operating System Abstractions for Client Mashups. In 11th USENIX Workshop on Hot Topics in Operating Systems, pages 1-7, Berkeley, CA, USA, 2007. USENIX Association.
17. S. Isaacs and D. Manolescu. WebSandbox - Microsoft Live Labs. http://websandbox.livelabs.com/, 2009.
18. T. Jim, N. Swamy, and M. Hicks. Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. In 16th International Conference on World Wide Web, pages 601-610, New York, NY, USA, 2007. ACM.
19. G. Kiczales. Aspect-Oriented Programming. ACM Computer Survey, page 154, 1996.
20. H. Kikuchi, D. Yu, A. Chander, H. Inamura, and I. Serikov. JavaScript Instrumentation in Practice. In ASPLAS, 2008.
21. S. Maffeis and A. Taly. Language-based Isolation of Untrusted Javascript. In IEEE Computer Security Foundations Symposium, 2009. See also: Dep. of Computing, Imperial College London, Technical Report DTR09-3, 2009.
22. M. S. Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, Johns Hopkins University, Baltimore, Maryland, USA, May 2006.
23. M. S. Miller. Issue 1065: Security hole: Dangerous constructors still leaking. http://code.google.com/p/google-caja/issues/detail?id=1065, July 2009.
24. M. S. Miller, J. E. Donnelley, and A. H. Karp. Delegating Responsibility in Digital Systems: Horton's "who done it?". In 2nd USENIX Workshop on Hot topics in Security, pages 1-5, Berkeley, CA, USA, 2007. USENIX Association.
25. M. S. Miller, M. Samuel, B. Laurie, I. Awad, and M. Stay. Caja - Safe Active Content in Sanitized JavaScript. http://google-caja.googlecode.com/files/ caja-spec-2007-10-11.pdf, October 2007.
26. N. Mix. Narrative JavaScript. http://www.neilmix.com/narrativejs/doc/.
27. P. H. Phung, D. Sands, and A. Chudnov. Lightweight Self-Protecting JavaScript. In 4th International Symposium on Information, Computer, and Communications Security, pages 47-60, New York, NY, USA, 2009. ACM.
28. C. Reis, B. Bershad, S. D. Gribble, and H. M. Levy. Using Processes to Improve the Reliability of Browser-based Applications. Technical Report UW-CSE-2007-12-01, University of Washington, December 2007.
29. F. Spiessens. Patterns of Safe Collaboration. PhD thesis, Universite catholique de Louvain, 2007.
30. M. Stieglar. E Fundamentals... with Donuts. https://www.cypherpunks.to/ erights/talks/efun/pingSealer.ppt, 2004.
31. H. Washizaki, A. Kubo, T. Mizumachi, K. Eguchi, Y. Fukazawa, N. Yoshioka, H. Kanuka, T. Kodaka, N. Sugimoto, Y. Nagai, and R. Yamamoto. AOJS: Aspect-Oriented Javascript Programming Framework for Web Development. In 8th Workshop on Aspects, Components, and Patterns for Infrastructure Software, pages 31-36, New York, NY, USA, 2009. ACM.