Skip to Main content Skip to Navigation
Conference papers

Semantically Sound Analysis of Content Security Policies

Abstract : Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Complete list of metadatas

Cited literature [6 references]  Display  Hide  Download

https://hal.inria.fr/hal-02313752
Contributor : Hal Ifip <>
Submitted on : Friday, October 11, 2019 - 2:56:01 PM
Last modification on : Friday, October 11, 2019 - 3:43:39 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Stefano Calzavara, Alvise Rabitti, Michele Bugliesi. Semantically Sound Analysis of Content Security Policies. 39th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Jun 2019, Copenhagen, Denmark. pp.293-297, ⟨10.1007/978-3-030-21759-4_18⟩. ⟨hal-02313752⟩

Share

Metrics

Record views

51