Jasvir Nagra scite author profile

Abstract-JavaScript is widely used to provide client-side functionality in Web applications. To provide services ranging from maps to advertisements, Web applications may incorporate untrusted JavaScript code from third parties. The trusted portion of each application may then expose an API to untrusted code, interposing a reference monitor that mediates access to security-critical resources. However, a JavaScript reference monitor can only be effective if it cannot be circumvented through programming tricks or programming language idiosyncracies. In order to verify complete mediation of critical resources for applications of interest, we define the semantics of a restricted version of JavaScript devised by the ECMA Standards committee for isolation purposes, and develop and test an automated tool that can soundly establish that a given API cannot be circumvented or subverted. Our tool reveals a previously-undiscovered vulnerability in the widely-examined Yahoo! ADsafe filter and verifies confinement of the repaired filter and other examples from the Object-Capability literature.

show abstract

Distributed application tamper detection via continuous software updates

Collberg

Martin

Myers

et al. 2012

View full text Add to dashboard Cite

Threading Software Watermarks

Nagra

Thomborson

2004

View full text Add to dashboard Cite

Abstract. We introduce a new dynamic technique for embedding robust software watermarks into a software program using thread contention. We show the technique to be resilient to many semantic-preserving transformations that most existing proposals are susceptible to. We describe the technique for encoding the watermark as a bit string and a scheme for embedding and recognizing the watermark using thread contention. Experimental results with Java bytecode indicate that thread based watermarks have small impact on the size of applications and only a modest effect on their speed.

show abstract

A system for graph-based visualization of the evolution of software

Collberg

Kobourov

Nagra

et al. 2003

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jasvir Nagra

A system for graph-based visualization of the evolution of software

Automated Analysis of Security-Critical JavaScript APIs

Distributed application tamper detection via continuous software updates

Threading Software Watermarks

A system for graph-based visualization of the evolution of software

Contact Info

Product

Resources

About