We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are d...
Akshay Krishnamurthy, Adrian Mettler, David Wagner
Modern websites are powered by JavaScript, a flexible dynamic scripting language that executes in client browsers. A common paradigm in such websites is to include third-party Ja...
Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, Sori...
Cross-site scripting (XSS) and SQL injection errors are two prominent examples of taint-based vulnerabilities that have been responsible for a large number of security breaches in...
Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. Whil...
This paper presents SAgent, a general-purpose mobile agent security framework that is designed to protect the computations of mobile agent applications in potentially hostile envi...