2010
DOI: 10.1007/978-3-642-11503-5_13

ActionScript In-Lined Reference Monitoring in Prolog

Cited by 11 publications
(11 citation statements)
References 5 publications
“…Though its bytecode language is type-safe, past malware has exploited VM buffer overflows [37], implemented cross-site-scripting attacks, and performed click-jacking [38,39] to damage browsers or disrupt victim host pages. The difficulty of enforcing rich AS security policies that prevent such attacks in web environments that are aggressively heterogeneous (e.g., composed of mash-ups that mix mobile code from many mutually distrusting sources) has led to application of IRM technologies to this challenging problem domain [9, 25, 26, 27, 28, 40].…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…Numerous past works have developed powerful technologies for formally machine-verifying the soundness of IRMs [7, 8, 25, 26, 27, 28, 29, 30]. This is important for establishing high assurance, and for minimizing and stabilizing the trusted computing base (TCB) of IRM systems.…”
Section: Introduction (mentioning)
confidence: 99%
“…SPoX enforces policies expressible as security automata [3] and implements them by in-lining the automata into Java bytecode [22]. Related work has implemented IRM's for several other architectures, including the Microsoft .NET framework [20], ActionScript bytecode [33], and x86 assembly code [17]. The approach is also widely used for a variety of debugging purposes, such as for detecting race conditions [5].…”
Section: Related Work (mentioning)
confidence: 99%
“…Past case studies have demonstrated that such advice is extremely difficult to write correctly, especially when the policy is intended to apply to large classes of untrusted programs rather than individual applications [21]. Moreover, in many domains, such as web ad security, policy specifications change rapidly as new attacks and vulnerabilities are discovered (cf., [23,29,30]). Thus, the considerable effort that might be devoted to formally verifying one particular aspect implementation quickly becomes obsolete when the aspect is revised in response to a new threat.…”
Section: Introduction (mentioning)
confidence: 99%
“…Cheko was inspired by our prior work on model-checking IRMs [30,29,9], but includes numerous substantial theoretic and pragmatic leaps beyond those earlier works. These include:…”
Section: Introduction (mentioning)
confidence: 99%