Semantically Sound Analysis of Content Security Policies

Cited by: 0
Authors
Calzavara, Stefano [1]
Rabitti, Alvise [1]
Bugliesi, Michele [1]
Affiliation
[1] Univ Ca Foscari Venezia, Venice, Italy
Keywords
Content Security Policy; Formal methods; Web security;
DOI
10.1007/978-3-030-21759-4_18
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Pages: 293 - 297
Page count: 5
Related papers
50 in total
  • [1] Architecture of Information Security Policies: A Content Analysis
    Lopes, Isabel
    Oliveira, Pedro
    NEW ADVANCES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 1, 2016, 444 : 493 - 502
  • [2] Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
    Roth, Sebastian
    Barron, Timothy
    Calzavara, Stefano
    Nikiforakis, Nick
    Stock, Ben
    27TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2020), 2020,
  • [3] EU Progress Reports On Chapter 24: The Content Analysis of Security Policies
    Erdogan, Ramazan
    ANKARA AVRUPA CALISMALARI DERGISI-ANKARA REVIEW OF EUROPEAN STUDIES, 2014, 13 (02) : 1 - 19
  • [4] Coverage and Secure Use Analysis of Content Security Policies via Clustering
    Ren, Mengxia
    Yue, Chuan
    2023 IEEE 8TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY, EUROS&P, 2023, : 411 - 428
  • [5] An economic analysis of security policies
    Brueck, Tilman
    ECONOMIC ANALYSIS OF TERRORISM, 2006, : 262 - 281
  • [6] An economic analysis of security policies
    Brück, T
    DEFENCE AND PEACE ECONOMICS, 2005, 16 (05) : 375 - 389
  • [7] Analysis of privacy and security policies
    Bertino, E.
    Brodie, C.
    Calo, S. B.
    Cranor, L. F.
    Karat, C.
    Karat, J.
    Li, N.
    Lin, D.
    Lobo, J.
    Ni, Q.
    Rao, P. R.
    Wang, X.
    IBM JOURNAL OF RESEARCH AND DEVELOPMENT, 2009, 53 (02)
  • [8] Security Analysis of Cache Replacement Policies
    Canones, Pablo
    Kopf, Boris
    Reineke, Jan
    PRINCIPLES OF SECURITY AND TRUST (POST 2017), 2017, 10204 : 189 - 209
  • [9] Semantically Weighted Similarity Analysis for XML-based Content Components
    Oevermann, Jan
    Lueth, Christoph
    PROCEEDINGS OF THE ACM SYMPOSIUM ON DOCUMENT ENGINEERING (DOCENG 2018), 2018,
  • [10] Semantically Enriched Data Access Policies in eHealth
    Drozdowicz, Michal
    Ganzha, Maria
    Paprzycki, Marcin
    JOURNAL OF MEDICAL SYSTEMS, 2016, 40 (11)