Security of web browser scripting languages: vulnerabilities, attacks, and remedies

Authors: Vinod Anupam, Alain Mayer

Abstract: While conducting a security analysis of JavaScript and VBScript, the most popular scripting languages on the Web, we found some serious flaws. Motivated by this outcome, we propose steps towards a sound definition and design of a framework for the Web. We show that if such a framework had been integrated into the respective languages from the very beginning, the probability of preventing the multiple flaws that other research groups identified would have greatly increased.

References (11)
Edward W. Felten, Gary McGraw. Java security: hostile applets, holes & antidotes. John Wiley & Sons, Inc. (1997)
Nathaniel S. Borenstein. EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail. Proceedings of the IFIP TC6/WG6.5 International Conference on Upper Layer Protocols, Architectures and Applications, pp. 389-402 (1994)
Aviel D. Rubin, Trent Jaeger, Atul Prakash. Building systems that flexibly control downloaded executable context. USENIX Security Symposium, pp. 14-14 (1996)
L. Gong. A secure identity-based capability system. IEEE Symposium on Security and Privacy, vol. 1989, pp. 56-63 (1989). 10.1109/SECPRI.1989.36277
R.Y. Kain, C.E. Landwehr. On Access Checking in Capability-Based Systems. IEEE Transactions on Software Engineering, vol. 13, pp. 202-207 (1987). 10.1109/TSE.1987.232892
Jacob Y Levy, Laurent Demailly, John K Ousterhout, Brent B Welch. The Safe-Tcl Security Model. USENIX Annual Technical Conference, pp. 23-23 (1998). 10.1007/3-540-68671-1_12
Paul A. Karger, Andrew J. Herbert. An Augmented Capability Architecture to Support Lattice Security and Traceability of Access. IEEE Symposium on Security and Privacy, pp. 2-2 (1984). 10.1109/SP.1984.10001
Li Gong. On security in capability-based systems. ACM SIGOPS Operating Systems Review, vol. 23, pp. 56-60 (1989). 10.1145/858344.858349
David Flanagan. JavaScript (2nd ed.): the definitive guide. O'Reilly & Associates, Inc. (1997)
Li Gong. New security architectural directions for Java. Proceedings IEEE COMPCON 97. Digest of Papers, pp. 97-102 (1997). 10.1109/CMPCON.1997.584679