Reactive non-interference for a browser model

Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Volumn , Issue , 2011, Pages 97-104

  Bielova, Nataliia ^a   Devriese, Dominique ^b   Massacci, Fabio ^a   Piessens, Frank ^b  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

DYNAMIC INFORMATION; ENFORCEMENT MECHANISMS; FIREFOX; NON INTERFERENCE; SAME-ORIGIN POLICY; SECURE INFORMATION FLOW; WEB BROWSER SECURITY;

NETWORK SECURITY; WORLD WIDE WEB;

WEB BROWSERS;

EID: 81055139598     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICNSS.2011.6059965     Document Type: Article

References (19)

1. K. Singh, A. Moshchuk, H. Wang, and W. Lee, "On the incoherencies in web browser access control policies", in SSP, 2010.
2. A. Bohannon and B. C. Pierce, "Featherweight Firefox: Formalizing the core of a web browser", in WebApps, 2010.
3. A. Sabelfeld and A. C. Myers, "Language-based information-flow security", in JSAC, vol. 21, 2003, pp. 5-19.
4. G. L. Guernic, "Confidentiality enforcement using dynamic information flow analyses", Ph. D. dissertation, Kansas State University, 2007.
5. J. Magazinius, A. Askarov, and A. Sabelfeld, "A lattice-based approach to mashup security", in ASIACCS, 2010.
6. Z. Li, K. Zhang, and X. Wang, "Mash-IF: Practical Information-Flow Control within Client-side Mashups", in DSN, 2010, pp. 251-260.
7. M. Louw, K. Ganesh, and V. Venkatakrishnan, "AdJail: Practical enforcement of confidentiality and integrity policies on web advertisements", in USENIX, 2010.
8. R. Chugh, J. Meister, R. Jhala, and S. Lerner, "Staged information flow for Javascript", in PLDI, 2009.
9. D. Devriese and F. Piessens, "Non-interference through secure multiexecution", in SSP, 2010.
10. A. Bohannon, B. C. Pierce, V. Sjöberg, S. Weirich, and S. Zdancewic, "Reactive noninterference", in CCS, 2009.
11. M. Johns, "Code injection vulnerabilities in web applications - exemplified at cross-site scripting", Ph. D. dissertation, University of Passau, 2009.
12. -, "On Javascript malware and related threats", JCV, vol. 4, pp. 161-178, 2008.
13. F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, "Crosssite scripting prevention with dynamic data tainting and static analysis", in NDSS, 2007.
14. B. Jacobs and J. Rutten, "A tutorial on (co) algebras and (co) induction", EATCS Bulletin, vol. 62, pp. 62-222, 1997.
15. R. Capizzi, A. Longo, V. Venkatakrishnan, and A. Sistla, "Preventing information leaks through shadow executions", in ACSAC, 2008.
16. V. Kashyap, B. Wiedermann, and B. Hardekopf, "Timing-and termination-sensitive secure information flow: Exploring a new approach", in SSP, 2011.
17. N. Bielova, D. Devriese, F. Massacci, and F. Piessens, "Reactive non-interference for the browser: extended version", CS Dept., K. U. Leuven, Tech. Rep. CW602, February 2011. [Online]. Available: http://www.cs.kuleuven. be/publicaties/rapporten/cw/CW602.abs.html
18. A. Sabelfeld and D. Sands, "Declassification: Dimensions and principles", JCS, vol. 17, pp. 517-548, October 2009. [Online]. Available: http://portal.acm.org/citation. cfm?id=1662658.1662659
19. T. Austin and C. Flanagan, "Permissive dynamic information flow analysis", in PLAS, 2010.