, Helios: Web-based open-audit voting, USENIX Security Symposium, pp.335-348, 2008.
, Rootkits for JavaScript environments, p.9, 2009.
, Privilege separation in html5 applications, Proceedings of the USENIX Security Symposium, 2012.
, Privacy Supporting Cloud Computing: ConfiChair, a Case Study, POST, pp.89-108, 2012.
DOI : 10.1007/978-3-642-28641-4_6
, Multiple facets for dynamic information flow, POPL, pp.165-178, 2012.
, Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012.
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834
, Attacks on JavaScript mashup communication, W2SP'09, 2009.
, Securing frame communication in browsers, Proc. of USENIX Security, 2008.
DOI : 10.1145/1516046.1516066
, Secure Password Managers " and " Military-Grade Encryption " on Smartphones: Oh, Really?, 2012.
, Web-based attacks on host-proof encrypted storage, Workshop on Offensive Technologies (WOOT), 2012.
URL : https://hal.archives-ouvertes.fr/hal-00863383
, Google-Caja: A source-to-source translator for securing JavaScript-based web ADsafe: Making JavaScript safe for advertising, 2008.
, FlowFox, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.748-759, 2012.
DOI : 10.1145/2382196.2382275
, On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983.
DOI : 10.1109/TIT.1983.1056650
, Preventing Capability Leaks in Secure JavaScript Subsets, BDSS'10, 2010.
, Fully abstract compilation to javascript, POPL'13, 2013.
DOI : 10.1145/2429069.2429114
URL : https://hal.archives-ouvertes.fr/hal-00780803
, Towards a program logic for JavaScript, 2012.
, The OAuth 2.0 Authorization Protocol, IETF Internet Draft, 2011.
, Information-Flow Security for a Core of JavaScript, 2012 IEEE 25th Computer Security Foundations Symposium, pp.3-18, 2012.
DOI : 10.1109/CSF.2012.19
, Mashic compiler: Mashup sandboxing based on interframe communication, p.12, 2012.
, Isolating JavaScript with Filters, Rewriting, and Wrappers, ESORICS'09, 2009.
DOI : 10.1007/978-3-540-31987-0_28
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.158.641
, Object views, Proceedings of the 19th international conference on World wide web, WWW '10, 2010.
DOI : 10.1145/1772690.1772764
, ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010 IEEE Symposium on Security and Privacy, 2010.
DOI : 10.1109/SP.2010.36
, Jigsaw: Efficient , Low-effort Mashup Isolation, USENIX Web Application Development, 2012.
, Lightweight self-protecting JavaScript. ASIACCS '09, 2009.
DOI : 10.1145/1533057.1533067
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.157.6038
, ADsafety: type-based verification of JavaScript sandboxing, USENIX Security, 2011.
, Browser- Shield: Vulnerability-driven filtering of Dynamic HTML, ACM Transactions on the Web, vol.1, issue.3, 2007.
, Busting frame busting: a study of clickjacking vulnerabilities at popular sites, W2SP'10, 2010.
, On breaking saml: Be whoever you want to be, Workshop on Offensive Technologies (WOOT), 2012.
, Symmetric Cryptography in Javascript, 2009 Annual Computer Security Applications Conference, pp.373-381, 2009.
DOI : 10.1109/ACSAC.2009.42
, Automated Analysis of Security-Critical JavaScript APIs, 2011 IEEE Symposium on Security and Privacy, 2011.
DOI : 10.1109/SP.2011.39
, Signing me onto your accounts through facebook and google: A trafficguided security study of commercially deployed single-sign-on web services XiaoFeng Wang, and Shaz Qadeer. How to shop for free online -security analysis of cashier-as-aservice based web stores, IEEE Symposium on Security and Privacy IEEE Symposium on Security and Privacy, pp.365-379, 2011.