We present ADSandbox, an analysis system for malicious websites that focusses on detecting attacks through JavaScript. Since, in contrast to Java, JavaScript does not have any bui...
Software complexity is often hypothesized to be the enemy of software security. We performed statistical analysis on nine code complexity metrics from the JavaScript Engine in the...
Developing a general component system for a statically typed, object-oriented language is a challenging design problem for two reasons. First, mutually recursive references across...
This paper presents a new approach called model-carrying code (MCC) for safe execution of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped with a...
R. Sekar, V. N. Venkatakrishnan, Samik Basu, Sande...
Current practice in testing JavaScript web applications requires manual construction of test cases, which is difficult and tedious. We present a framework for feedback-directed a...
Shay Artzi, Julian Dolby, Simon Holm Jensen, Ander...