Language-Based Isolation of Untrusted Java']JavaScript

被引：23

作者：

Maffeis, Sergio ^{[1
]}

Taly, Ankur ^{[2
]}

机构：

[1] Univ London Imperial Coll Sci Technol & Med, Dept Comp, London, England

[2] Stanford Univ, Dept Comp Sci, Palo Alto, CA USA

来源：

PROCEEDINGS OF THE 22ND IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM | 2009年

基金：

英国工程与自然科学研究理事会; 美国国家科学基金会;

关键词：

D O I：

10.1109/CSF.2009.11

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study language-based methods for filtering and rewriting JavaScript code, using Yahoo! ADSafe and Facebook FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities and subtleties, and develop a foundation for improved solutions based on an operational semantics of the full ECMA-262 language. We also discuss how to apply our analysis to address the JavaScript isolation problems we discovered.

引用

页码：77 / +

页数：2

共 50 条

[1] Enclosure: Language-Based Restriction of Untrusted Libraries
Ghosn, Adrien
Kogias, Marios
Payer, Mathias
Larus, James R.
Bugnion, Edouard
[J]. ASPLOS XXVI: TWENTY-SIXTH INTERNATIONAL CONFERENCE ON ARCHITECTURAL SUPPORT FOR PROGRAMMING LANGUAGES AND OPERATING SYSTEMS, 2021, : 255 - 267
[2] SANDDRILLER: A Fully-Automated Approach for Testing Language-Based Java']JavaScript Sandboxes
AlHamdan, Abdullah
Staicu, Cristian-Alexandru
[J]. PROCEEDINGS OF THE 32ND USENIX SECURITY SYMPOSIUM, 2023, : 3457 - 3474
[3] The Object-Java']JavaScript language
Hennen, DS
Ramachandran, S
Mamrak, SA
[J]. SOFTWARE-PRACTICE & EXPERIENCE, 2000, 30 (14): : 1571 - 1585
[4] Java']JavaScript primer plus: Enhancing Web pages with Java']JavaScript programming language
Kelly, AG
[J]. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 1998, 18 (02) : 162 - 162
[5] Java']JavaScript: Designing a Language in 10 Days
Severance, Charles
[J]. COMPUTER, 2012, 45 (02) : 7 - 8
[6] Is Java']JavaScript an object-oriented language?
McKenzie, N
[J]. DR DOBBS JOURNAL, 2001, 26 (08): : 115 - 116
[7] Java']JavaScript Language Design and Implementation in Tandem
Ryu, Sukyoung
Park, Jihyeok
[J]. COMMUNICATIONS OF THE ACM, 2024, 67 (05) : 86 - 95
[8] Roy A Statically Typed, Functional Language for Java']JavaScript
McKenna, Brian
[J]. IEEE INTERNET COMPUTING, 2012, 16 (03) : 86 - 91
[9] Language-Based Hypervisors
Budianto, Enrico
Chow, Richard
Ding, Jonathan
McCool, Michael
[J]. CRYPTOLOGY AND NETWORK SECURITY, CANS 2016, 2016, 10052 : 731 - 736
[10] Language-Based Medicine
Kolla, Avani M.
[J]. ACADEMIC MEDICINE, 2022, 97 (02) : 207 - 207

← 1 2 3 4 5 →