Language-based Defenses against Untrusted Browser Origins Karthikeyan Bhargavan INRIA Paris-Rocquencourt Antoine Delignat-Lavaud INRIA Paris-Rocquencourt

Source URL: www.doc.ic.ac.uk

• Computing
• Computer security
• Software engineering
• Computer access control
• Cloud standards
• Hacking
• Computer network security
• Web development
• JavaScript
• HTTP cookie
• Cross-site scripting
• Cross-site request forgery

Discovering Concrete Attacks on Website Authorization by Formal Analysis

Source URL: www.doc.ic.ac.uk

• Computing
• Computer access control
• Computer security
• Cloud standards
• Federated identity
• Security
• OAuth
• Cross-site request forgery
• OpenID
• Cross-site scripting
• Social login
• HTTP cookie

A Trusted Mechanised JavaScript Specification Martin Bodin Arthur Charguéraud Daniele Filaretti

Source URL: www.doc.ic.ac.uk

Modelling Dynamic Web Data ? Philippa Gardner, Sergio Maffeis ∗ Department of Computing 180 Queen’s Gate, South Kensington Campus, Imperial College London SW7 2AZ, UK.

Source URL: www.doc.ic.ac.uk

• Process calculi
• Theoretical computer science
• -calculus
• Process calculus
• Computability theory
• Markov models
• Computer science
• Normal distribution
• Cognitive science
• Algorithm characterizations

The Protection of Information in Computer Systems JEROME H. SALTZER, SENIOR MEMBER, IEEE, AND MICHAEL D. SCHROEDER, MEMBER, IEEE Invited Paper Abstract - This tutorial paper explores the mechanics of

Source URL: www.doc.ic.ac.uk

• Computer security
• Security engineering
• Prevention
• Security
• Crime prevention
• Cryptography
• Information governance
• National security
• Password
• Operating system
• Protection ring
• Capability-based security

Isolating JavaScript with Filters, Rewriting, and Wrappers Sergio Maffeis1 , John C. Mitchell2 , and Ankur Taly2 1 Imperial College London

Source URL: www.doc.ic.ac.uk

• Software engineering
• Computing
• Computer programming
• Functional languages
• Control flow
• High-level programming languages
• Programming language comparisons
• Programming language syntax
• Eval
• JavaScript
• Scope
• Dynamic programming language

Precise client-side protection against DOM-based Cross-Site Scripting Ben Stock FAU Erlangen-Nuremberg Sebastian Lekies

Source URL: www.doc.ic.ac.uk

• Computing
• Software engineering
• Computer programming
• Functional languages
• Web programming
• HTML
• Hacking
• Cross-site scripting
• Ajax
• JavaScript
• Code injection
• HTTP cookie

Behavioural Equivalences for Dynamic Web Data Sergio Maffeis Philippa Gardner Department of Computing, Imperial College London {maffeis,pg}@doc.ic.ac.uk Abstract

Source URL: www.doc.ic.ac.uk

• Computing
• Data management
• Data
• Information
• Technical communication
• Process calculi
• File sharing
• Business intelligence
• Data integration
• Effi
• Database
• -calculus

Run-Time Enforcement of Secure JavaScript Subsets Sergio Maffeis Imperial College London John C. Mitchell

Source URL: www.doc.ic.ac.uk

• Software engineering
• Computer programming
• Computing
• High-level programming languages
• Functional languages
• Cross-platform software
• Scripting languages
• JavaScript
• Web programming
• Scope
• Eval
• C Sharp

OWASP TopThe Ten Most Critical Web Application Security Risks https://owasp.org This work is licensed under a

Source URL: www.doc.ic.ac.uk

• Computer security
• Computing
• Cyberwarfare
• Computer network security
• Hacking
• Web applications
• OWASP
• Web application security
• Security
• Application security
• XML external entity attack
• SQL injection