Semantically Sound Analysis of Content Security Policies

Cited by: 0
Authors
Calzavara, Stefano [1]
Rabitti, Alvise [1]
Bugliesi, Michele [1]
Affiliations
[1] Univ Ca Foscari Venezia, Venice, Italy
Keywords
Content Security Policy; Formal methods; Web security
DOI
10.1007/978-3-030-21759-4_18
Chinese Library Classification (CLC) number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Pages: 293 - 297
Number of pages: 5
Related papers
50 in total
  • [21] Security architectures and analysis for content adaptation
    Zeng, WJ
    Lan, JQ
    Zhuang, XH
    SECURITY, STEGANOGRAPHY, AND WATERMARKING OF MULTIMEDIA CONTENTS VII, 2005, 5681 : 84 - 95
  • [22] SECURITY ANALYSIS ON CONTENT MANAGEMENT SYSTEMS
    Petkova, Lilyana
    Pavlova, Vasilisa
    MATHEMATICS AND INFORMATICS, 2022, 65 (05): : 423 - 434
  • [23] Analysis and solution of network content security
    Zhao, Zhongmeng
    Chen, Jian
    Zhang, Xuanping
    Weng, Liping
    Jisuanji Gongcheng/Computer Engineering, 2002, 28 (05):
  • [24] Security policies
    Anderson, R
    Stajano, F
    Lee, JH
    ADVANCES IN COMPUTERS, VOL 55, 2001, 55 : 185 - 235
  • [25] Probabilistic Discovery of Semantically Diverse Content in MANETs
    Nedos, Andronikos
    Singh, Kulpreet
    Cunningham, Raymond
    Clarke, Siobhan
    IEEE TRANSACTIONS ON MOBILE COMPUTING, 2009, 8 (04) : 544 - 557
  • [26] An Analysis of Content and Policies in ICT Education in Australia
    Stoilescu, Dorian
    2017 IEEE 17TH INTERNATIONAL CONFERENCE ON ADVANCED LEARNING TECHNOLOGIES (ICALT), 2017, : 333 - 334
  • [27] Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis
    Doherty, Neil
    Fulford, Heather
    INFORMATION RESOURCES MANAGEMENT JOURNAL, 2005, 18 (04) : 21 - 39
  • [28] Semantically rich application-centric security in Android
    Ongtang, Machigar
    McLaughlin, Stephen
    Enck, William
    McDaniel, Patrick
    SECURITY AND COMMUNICATION NETWORKS, 2012, 5 (06) : 658 - 673
  • [29] Security Analysis of Access Control Policies for Smart Homes
    Belfiore, Roberta Cimorelli
    Ferrara, Anna Lisa
    PROCEEDINGS OF THE 28TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2023, 2023, : 99 - 106
  • [30] A systemic analysis: victimization and security policies in Sao Paulo
    Peixoto, Betania
    de Souza, Leticia Godinho
    de Lima, Renato Sergio
    REVISTA DO SERVICO PUBLICO, 2012, 63 (02): : 217 - 236