How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security
While in its early days, the Web was mostly static, it has organically grown into a full-fledged
technology stack. This evolution has not followed a security blueprint, resulting in many …
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites.
S Son, V Shmatikov - NDSS, 2013 - cs.utexas.edu
The postMessage mechanism in HTML5 enables Web content from different origins to
communicate with each other, thus relaxing the same origin policy. It is especially popular in …
Juggling the jigsaw: Towards automated problem inference from network trouble tickets
This paper presents NetSieve, a system that aims to do automated problem inference from
network trouble tickets. Network trouble tickets are diaries comprising fixed fields and free …
Establishing browser security guarantees through formal shim verification
Web browsers mediate access to valuable private data in domains ranging from health care
to banking. Despite this critical role, attackers routinely exploit browser vulnerabilities to …
The Unexpected Dangers of Dynamic JavaScript
Modern Web sites frequently generate JavaScript on-the-fly via server-side scripting,
incorporating personalized user data in the process. In general, cross-domain access to …
Embassies: Radically refactoring the web
Managing a network requires support for multiple concurrent tasks, from routing and traffic
monitoring, to access control and server load balancing. Software-Defined Networking …
FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications
The last fifteen years have transformed the Web in ways that would seem unimaginable to
anyone of the "few" Internet users of the year 1995 [8]. What began as a simple set of …
How to Run POSIX Apps in a Minimal Picoprocess
We envision a future where Web, mobile, and desktop applications are delivered as
isolated, complete software stacks to a minimal, secure client host. This shift imbues app …
Between worlds: Securing mixed JavaScript/ActionScript multi-party web content
Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of
dynamic features unique to each platform has popularized it for myriad web development …
Self-exfiltration: The dangers of browser-enforced information flow control
EY Chen, S Gorbaty, A Singhal… - Proceedings of the …, 2012 - ieee-security.org
Since the early days of Netscape, browser vendors and web security researchers have
restricted out-going data based on its destination. The security argument accompanying …