 |
Formal Techniques for Distributed Objects, Components, and Systems 39th IFIP WG 6.1 International Conference, FORTE 2019 Held as Part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019 Kongens Lyngby, Denmark, June 17–21, 2019 |
 |
Conference papers
Semantically Sound Analysis of Content Security Policies
Abstract : Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Cited literature [6 references]
https://hal.inria.fr/hal-02313752
Contributor : Hal Ifip <>
Submitted on : Friday, October 11, 2019 - 2:56:01 PM
Last modification on : Friday, October 11, 2019 - 3:43:39 PM
Contributor : Hal Ifip <>
Submitted on : Friday, October 11, 2019 - 2:56:01 PM
Last modification on : Friday, October 11, 2019 - 3:43:39 PM
Licence
Distributed under a Creative Commons Attribution 4.0 International License