Extant security mechanisms for web apps, notably the" same-origin policy", are not sufficient
to achieve confidentiality and integrity goals for the many apps that manipulate sensitive …

In the last few years, many security researchers proposed to endow the web platform with
more rigorous foundations, thus allowing for a precise reasoning on web security issues …

We present WPSE, a browser-side security monitor for web protocols designed to ensure
compliance with the intended protocol flow, as well as confidentiality and integrity properties …

JavaScript is the source of many security problems, including cross-site scripting attacks and
malicious advertising code. Central to these problems is the fact that code from untrusted …

The web execution model allows third-party JavaScript to be leveraged in a single execution
context. Access control for these scripts is currently all or nothing. It has been this way for …

Attackers can steal sensitive user information from web pages via third-party scripts. Prior
work shows that secure multi-execution (SME) with declassification is useful for mitigating …

The vast amount of sensitive data in modern web applications has become a prime target for
cyberattacks. Existing browser security policies disallow the execution of unknown scripts …

There has been encouraging progress on information flow control for programs in
increasingly complex programming languages, tracking the propagation of information from …

To prevent applications from leaking users' private data to attackers, researchers have
developed runtime information flow control (IFC) mechanisms. Most existing approaches are …

In the standard web browser programming model, third-party scripts included in an
application execute with the same privilege as the application's own code. This leaves the …