Semantically Sound Analysis of Content Security Policies

Cited by: 0
Authors
Calzavara, Stefano [1 ]
Rabitti, Alvise [1 ]
Bugliesi, Michele [1 ]
Affiliations
[1] Univ Ca Foscari Venezia, Venice, Italy
Keywords
Content Security Policy; Formal methods; Web security;
DOI
10.1007/978-3-030-21759-4_18
CLC classification number
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers around the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason about the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Pages: 293 / 297
Page count: 5