Output details
11 - Computer Science and Informatics
Imperial College London
Language-based defenses against untrusted browser origins
<19>Acceptance: 16%/277
This paper presents new attacks and robust countermeasures for security-sensitive components, such as single sign-on APIs and client-side cryptographic libraries, that need to be safely deployed on untrusted web pages. This builds on work by the same authors at CSF'12 and POST'13, and on an invited submission (under review) to the "Journal of Computer Security". As part of this work, we found dozens of previously unknown vulnerabilities (reported by co-authors, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=802557, https://www.facebook.com/BugBounty/posts/132102556947900) in Facebook, Firefox, Yahoo, and other popular applications. We contacted the affected companies, advising them on how to fix these problems.