CHERI: A hybrid capability-system architecture for scalable software compartmentalization
RNM Watson, J Woodruff, PG Neumann… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating
system to support fine-grained, capability-based memory protection to mitigate memory …
system to support fine-grained, capability-based memory protection to mitigate memory …
{AdSplit}: Separating smartphone advertising from applications
A wide variety of smartphone applications today rely on third-party advertising services,
which provide libraries that are linked into the hosting application. This situation is …
which provide libraries that are linked into the hosting application. This situation is …
JavaScript: the first 20 years
A Wirfs-Brock, B Eich - Proceedings of the ACM on Programming …, 2020 - dl.acm.org
How a sidekick scripting language for Java, created at Netscape in a ten-day hack, ships first
as a de facto Web standard and eventually becomes the world's most widely used …
as a de facto Web standard and eventually becomes the world's most widely used …
The essence of JavaScript
A Guha, C Saftoiu, S Krishnamurthi - … , Maribor, Slovenia, June 21-25, 2010 …, 2010 - Springer
We reduce JavaScript to a core calculus structured as a small-step operational semantics.
We present several peculiarities of the language and show that our calculus models them …
We present several peculiarities of the language and show that our calculus models them …
A study of security isolation techniques
Security isolation is a foundation of computing systems that enables resilience to different
forms of attacks. This article seeks to understand existing security isolation techniques by …
forms of attacks. This article seeks to understand existing security isolation techniques by …
ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser
LA Meyerovich, B Livshits - 2010 IEEE Symposium on Security …, 2010 - ieeexplore.ieee.org
Much of the power of modern Web comes from the ability of a Web page to combine content
and JavaScript code from disparate servers on the same page. While the ability to create …
and JavaScript code from disparate servers on the same page. While the ability to create …
[PDF][PDF] GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code.
S Guarnieri, VB Livshits - USENIX Security Symposium, 2009 - usenix.org
The advent of Web 2.0 has lead to the proliferation of client-side code that is typically written
in JavaScript. This code is often combined—or mashed-up—with other code and content …
in JavaScript. This code is often combined—or mashed-up—with other code and content …
FlowFox: a web browser with flexible and precise information flow control
We present FlowFox, the first fully functional web browser that implements a precise and
general information flow control mechanism for web scripts based on the technique of …
general information flow control mechanism for web scripts based on the technique of …
Safe & efficient gradual typing for TypeScript
Current proposals for adding gradual typing to JavaScript, such as Closure, TypeScript and
Dart, forgo soundness to deal with issues of scale, code reuse, and popular programming …
Dart, forgo soundness to deal with issues of scale, code reuse, and popular programming …
Hails: Protecting data privacy in untrusted web applications
Modern extensible web platforms like Facebook and Yammer depend on third-party
software to offer a rich experience to their users. Unfortunately, users running a third-party …
software to offer a rich experience to their users. Unfortunately, users running a third-party …