Helios: Web-based open-audit voting, USENIX Security Symposium, pp.335-348, 2008. ,
Rootkits for JavaScript environments, p.9, 2009. ,
Privilege separation in html5 applications, Proceedings of the USENIX Security Symposium, 2012. ,
Privacy Supporting Cloud Computing: ConfiChair, a Case Study, POST, pp.89-108, 2012. ,
DOI : 10.1007/978-3-642-28641-4_6
Multiple facets for dynamic information flow, POPL, pp.165-178, 2012. ,
Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012. ,
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834
Attacks on JavaScript mashup communication, W2SP'09, 2009. ,
Securing frame communication in browsers, Proc. of USENIX Security, 2008. ,
DOI : 10.1145/1516046.1516066
Secure Password Managers " and " Military-Grade Encryption " on Smartphones: Oh, Really?, 2012. ,
Web-based attacks on host-proof encrypted storage, Workshop on Offensive Technologies (WOOT), 2012. ,
URL : https://hal.archives-ouvertes.fr/hal-00863383
Google-Caja: A source-to-source translator for securing JavaScript-based web ADsafe: Making JavaScript safe for advertising, 2008. ,
FlowFox, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.748-759, 2012. ,
DOI : 10.1145/2382196.2382275
On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983. ,
DOI : 10.1109/TIT.1983.1056650
Preventing Capability Leaks in Secure JavaScript Subsets, BDSS'10, 2010. ,
Fully abstract compilation to javascript, POPL'13, 2013. ,
DOI : 10.1145/2429069.2429114
URL : https://hal.archives-ouvertes.fr/hal-00780803
Towards a program logic for JavaScript, 2012. ,
The OAuth 2.0 Authorization Protocol, IETF Internet Draft, 2011. ,
Information-Flow Security for a Core of JavaScript, 2012 IEEE 25th Computer Security Foundations Symposium, pp.3-18, 2012. ,
DOI : 10.1109/CSF.2012.19
Mashic compiler: Mashup sandboxing based on interframe communication, p.12, 2012. ,
Isolating JavaScript with Filters, Rewriting, and Wrappers, ESORICS'09, 2009. ,
DOI : 10.1007/978-3-540-31987-0_28
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.158.641
Object views, Proceedings of the 19th international conference on World wide web, WWW '10, 2010. ,
DOI : 10.1145/1772690.1772764
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010 IEEE Symposium on Security and Privacy, 2010. ,
DOI : 10.1109/SP.2010.36
Jigsaw: Efficient , Low-effort Mashup Isolation, USENIX Web Application Development, 2012. ,
Lightweight self-protecting JavaScript. ASIACCS '09, 2009. ,
DOI : 10.1145/1533057.1533067
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.157.6038
ADsafety: type-based verification of JavaScript sandboxing, USENIX Security, 2011. ,
Browser- Shield: Vulnerability-driven filtering of Dynamic HTML, ACM Transactions on the Web, vol.1, issue.3, 2007. ,
Busting frame busting: a study of clickjacking vulnerabilities at popular sites, W2SP'10, 2010. ,
On breaking saml: Be whoever you want to be, Workshop on Offensive Technologies (WOOT), 2012. ,
Symmetric Cryptography in Javascript, 2009 Annual Computer Security Applications Conference, pp.373-381, 2009. ,
DOI : 10.1109/ACSAC.2009.42
Automated Analysis of Security-Critical JavaScript APIs, 2011 IEEE Symposium on Security and Privacy, 2011. ,
DOI : 10.1109/SP.2011.39
Signing me onto your accounts through facebook and google: A trafficguided security study of commercially deployed single-sign-on web services XiaoFeng Wang, and Shaz Qadeer. How to shop for free online -security analysis of cashier-as-aservice based web stores, IEEE Symposium on Security and Privacy IEEE Symposium on Security and Privacy, pp.365-379, 2011. ,