SCOPUS 정보 검색 플랫폼

Proceedings of the 19th USENIX Security Symposium

Volumn , Issue , 2010, Pages 355-370

Securing script-based extensibility in web browsers

(2) Djeric, Vladan a Goel, Ashvin a

a UNIVERSITY OF TORONTO (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); NETWORK SECURITY; WEBSITES;

CHARACTERISTIC SIGNATURE; CODE INJECTION; EXECUTION CONTROL; FALSE ALARMS; FIREFOX; FIREFOX WEB BROWSER;

WEB BROWSERS;

EID: 85076324236 PISSN: None EISSN: None Source Type: Conference Proceeding
DOI: None Document Type: Conference Paper

Times cited : (32)

References (23)

1
- 85076300715
- Adblock. http://en.wikipedia.org/wiki/Adblock.

2
- 84870516857
- Alexa the web information company. http://www.alexa.com.
- Alexa the Web Information Company

3
- 85026625508
- Dromaeo JavaScript performance test suite. https://wiki.mozilla.org/Dromaeo.
- Dromaeo JavaScript Performance Test Suite

4
- 84873471297
- Greasemonkey. http://en.wikipedia.org/wiki/Greasemonkey.
- Greasemonkey

5
- 70350435024
- Return-to-libc attack. http://en.wikipedia.org/wiki/ Return-to-libc_attack.
- Return-to-Libc Attack

6
- 85076301530
- July
- setTimeout loses XPCNativeWrappers, July 2009. http://www.mozilla.org/security/announce/2009/mfsa2009-39.html.
- (2009) setTimeout Loses XPCNativeWrappers

7
- 85076286655
- May
- Incorrect execution of JavaScript in the extension context, May 2010. http://googlechromereleases.blogspot.com/2010/05/ stable-channel-update.html.
- (2010) Incorrect Execution of JavaScript in the Extension Context

8
- 85076300257
- May
- XPConnect wrappers, May 2010. https://developer.mozilla.org/en/ XPConnect_wrappers.
- (2010) XPConnect Wrappers

9
- 50249115131
- Saner: Composing static and dynamic analysis to validate sanitization in web applications
- D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Proceedings of the IEEE Symposium on Security and Privacy, pages 387–401, 2008.
- (2008) Proceedings of the IEEE Symposium on Security and Privacy , pp. 387-401
- Balzarotti, D.¹ Cova, M.² Felmetsger, V.³ Jovanovic, N.⁴ Kirda, E.⁵ Kruegel, C.⁶ Vigna, G.⁷

10
- 85166275153
- Protecting browsers from extension vulnerabilities
- A. Barth, A. P. Felt, P. Saxena, and A. Boodman. Protecting browsers from extension vulnerabilities. In Proceedings of the Network and Distributed System Security Symposium, 2010.
- (2010) Proceedings of the Network and Distributed System Security Symposium
- Barth, A.¹ Felt, A.P.² Saxena, P.³ Boodman, A.⁴

11
- 84910677088
- Cross-origin JavaScript capability leaks: Detection, exploitation, and defense
- Aug
- A. Barth, J. Weinberger, and D. Song. Cross-origin JavaScript capability leaks: Detection, exploitation, and defense. In Proceedings of the USENIX Security Symposium, Aug. 2009.
- (2009) Proceedings of the USENIX Security Symposium
- Barth, A.¹ Weinberger, J.² Song, D.³

12
- 77952394606
- An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism
- S. Chen, D. Ross, and Y.-M. Wang. An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism. In Proceedings of the ACM Conference on Computer and Communications Security, pages 2–11, 2007.
- (2007) Proceedings of the ACM Conference on Computer and Communications Security , pp. 2-11
- Chen, S.¹ Ross, D.² Wang, Y.-M.³

13
- 85076300765
- Analyzing information flow in Javascript-based browser extensions
- M. Dhawan and V. Ganapathy. Analyzing information flow in Javascript-based browser extensions. In Proceedings of the Annual Computer Security Applications Conference, 2010.
- (2010) Proceedings of the Annual Computer Security Applications Conference
- Dhawan, M.¹ Ganapathy, V.²

14
- 85076904874
- Leveraging legacy code to deploy desktop applications on the web
- J. R. Douceur, J. Elson, J. Howell, and J. R. Lorch. Leveraging legacy code to deploy desktop applications on the web. In Proceedings of the Operating Systems Design and Implementation (OSDI), pages 339–354, 2008.
- (2008) Proceedings of the Operating Systems Design and Implementation (OSDI) , pp. 339-354
- Douceur, J.R.¹ Elson, J.² Howell, J.³ Lorch, J.R.⁴

15
- 48349087157
- Enhancing web browser security against malware extensions
- Aug
- M. T. Louw, J. S. Lim, and V. N. Venkatakrishnan. Enhancing web browser security against malware extensions. Journal in Computer Virology, 4(3):179–195, Aug. 2008.
- (2008) Journal in Computer Virology , vol.4 , Issue.3 , pp. 179-195
- Louw, M.T.¹ Lim, J.S.² Venkatakrishnan, V.N.³

16
- 79953672829
- Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software
- Feb
- J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium, Feb. 2005.
- (2005) Proceedings of the Network and Distributed System Security Symposium
- Newsome, J.¹ Song, D.²

17
- 84898939129
- Isolating web programs in modern browser architectures
- C. Reis and S. D. Gribble. Isolating web programs in modern browser architectures. In Proceedings of the EuroSys conference, 2009.
- (2009) Proceedings of the EuroSys Conference
- Reis, C.¹ Gribble, S.D.²

18
- 74049152095
- Pointless tainting? Evaluating the practicality of pointer tainting
- Apr
- A. Slowinska and H. Bos. Pointless Tainting? Evaluating the Practicality of Pointer Tainting. In Proceedings of the EuroSys conference, Apr. 2009.
- (2009) Proceedings of the EuroSys Conference
- Slowinska, A.¹ Bos, H.²

19
- 84887309913
- Cross-site scripting prevention with dynamic data tainting and static analysis
- P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-site scripting prevention with dynamic data tainting and static analysis. In Proceedings of the Network and Distributed System Security Symposium, 2007.
- (2007) Proceedings of the Network and Distributed System Security Symposium
- Vogt, P.¹ Nentwich, F.² Jovanovic, N.³ Kirda, E.⁴ Kruegel, C.⁵ Vigna, G.⁶

20
- 0031542975
- Extensible security architectures for Java
- D. S. Wallach, D. Balfanz, D. Dean, and E. W. Felten. Extensible security architectures for Java. In Proceedings of the Symposium on Operating Systems Principles (SOSP), pages 116–128, 1997.
- (1997) Proceedings of the Symposium on Operating Systems Principles (SOSP) , pp. 116-128
- Wallach, D.S.¹ Balfanz, D.² Dean, D.³ Felten, E.W.⁴

21
- 41149109640
- Protection and communication abstractions for web browsers in MashupOS
- H. J. Wang, X. Fan, J. Howell, and C. Jackson. Protection and communication abstractions for web browsers in MashupOS. In Proceedings of the Symposium on Operating Systems Principles (SOSP), pages 1–16, 2007.
- (2007) Proceedings of the Symposium on Operating Systems Principles (SOSP) , pp. 1-16
- Wang, H.J.¹ Fan, X.² Howell, J.³ Jackson, C.⁴

22
- 77954608267
- The multi-principal OS construction of the Gazelle web browser
- H. J. Wang, C. Grier, A. Moshchuk, S. T. King, P. Choudhury, and H. Venter. The multi-principal OS construction of the Gazelle web browser. In Proceedings of the USENIX Security Symposium, 2009.
- (2009) Proceedings of the USENIX Security Symposium
- Wang, H.J.¹ Grier, C.² Moshchuk, A.³ King, S.T.⁴ Choudhury, P.⁵ Venter, H.⁶

23
- 69149106605
- Native client: A sandbox for portable, untrusted x86 native code
- B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the IEEE Symposium on Security and Privacy, pages 79–93, 2009.
- (2009) Proceedings of the IEEE Symposium on Security and Privacy , pp. 79-93
- Yee, B.¹ Sehr, D.² Dardyk, G.³ Chen, J.B.⁴ Muth, R.⁵ Ormandy, T.⁶ Okasaka, S.⁷ Narula, N.⁸ Fullagar, N.⁹

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.