Semantically Sound Analysis of Content Security Policies

Cited by: 0
Authors
Calzavara, Stefano [1]
Rabitti, Alvise [1]
Bugliesi, Michele [1]
Affiliations
[1] Univ Ca Foscari Venezia, Venice, Italy
Keywords
Content Security Policy; Formal methods; Web security
DOI
10.1007/978-3-030-21759-4_18
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Pages: 293 / 297
Number of pages: 5
Related papers
50 in total
  • [41] Content Analysis of Indonesian National Security Architecture
    Surwandono
    Ramadhani, Masyithoh Annisa
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON ETHICS IN GOVERNANCE (ICONEG 2016), 2016, 84 : 138 - 142
  • [42] Network Content Security Evaluation Method Analysis
    Zhang, Dongyan
    Yin, Lihua
    Chen, Hongsong
    THEORETICAL AND MATHEMATICAL FOUNDATIONS OF COMPUTER SCIENCE, 2011, 164 : 23 - +
  • [43] Compliance with Information Security Policies: A Meta-Analysis of the role of the definition of the term "Security Policies" Emergent Research Forum (ERF)
    Sikolia, David
    25TH AMERICAS CONFERENCE ON INFORMATION SYSTEMS (AMCIS 2019), 2019,
  • [44] Semantically extended digital watermarking model for multimedia content
    Liu, HJ
    Ferri, LC
    Steinebach, M
    COMMUNICATIONS AND MULTIMEDIA SECURITY, 2005, 3677 : 282 - 283
  • [45] Content Analysis of Privacy Policies Before and After GDPR
    Bateni, Nastaran
    Kaur, Jasmin
    Dara, Rozita
    Song, Fei
    2022 19TH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY & TRUST (PST), 2022,
  • [46] A content analysis of whistleblowing policies of leading european companies
    Hassink, Harold
    de Vries, Meinderd
    Bollen, Laury
    JOURNAL OF BUSINESS ETHICS, 2007, 75 (01) : 25 - 44
  • [47] Content Analysis of Medical and Health Apps' Privacy Policies
    Brumen B.
    Brumen, Boštjan (bostjan.brumen@uni-mb.si), 1600, IOS Press BV (343): : 188 - 203
  • [48] A Content Analysis of Whistleblowing Policies of Leading European Companies
    Harold Hassink
    Meinderd de Vries
    Laury Bollen
    Journal of Business Ethics, 2007, 75 : 25 - 44
  • [49] A Content Analysis of the Privacy Policies of Cloud Computing Services
    Gao, Lei
    Brink, Alisa G.
    JOURNAL OF INFORMATION SYSTEMS, 2019, 33 (03) : 93 - 115
  • [50] SECURITY POLICIES AND THEIR CONNECTION WITH SECURITY STRATEGY AND SECURITY MANAGEMENT
    LIPPOLD, H
    STELZER, D
    KONRAD, P
    WIRTSCHAFTSINFORMATIK, 1992, 34 (04): : 367 - 377