VEX: vetting browser extensions for security vulnerabilities

Authors: Marianne Winslett, Sruthi Bandhakavi, P. Madhusudan, Samuel T. King

Abstract: … VEX… VEX analyzes Firefox extensions for such flow patterns using high-precision, context-sensitive, flow-sensitive static analysis. We analyze thousands of browser extensions, and …
