Rootkits for JavaScript environments, WOOT, 2009. ,
Privilege separation in HTML5 applications, USENIX Security, 2012. ,
Multiple facets for dynamic information flow, POPL, pp.165-178, 2012. ,
JavaSPI, International Journal of Secure Software Engineering, vol.2, issue.4, pp.34-48, 2011. ,
DOI : 10.4018/jsse.2011100103
Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, 2013. ,
DOI : 10.1007/978-3-642-36830-1_7
URL : https://hal.archives-ouvertes.fr/hal-00863375
Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012. ,
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834
Attacks on JavaScript mashup communication, W2SP, 2009. ,
Securing frame communication in browsers, USENIX Security, 2008. ,
DOI : 10.1145/1516046.1516066
Secure password managers " and " Military-grade encryption " on smartphones: Oh, really?, 2012. ,
Web-based attacks on host-proof encrypted storage, 2012. ,
URL : https://hal.archives-ouvertes.fr/hal-00863383
Defensive JavaScript website with testbed, technical report and supporting materials, 2013. ,
Verified interoperable implementations of security protocols, CSFW, pp.139-152, 2006. ,
ProVerif: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial ,
F-bounded polymorphism for objectoriented programming, FPCA, pp.273-280, 1989. ,
Extensible records in a pure calculus of subtyping, Theoretical Aspects of Object-Oriented Programming, pp.373-425, 1994. ,
ADsafe: Making JavaScript safe for advertising, 2008. ,
FlowFox, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.748-759, 2012. ,
DOI : 10.1145/2382196.2382275
On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983. ,
DOI : 10.1109/TIT.1983.1056650
Verifiable functional purity in java, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.161-174, 2008. ,
DOI : 10.1145/1455770.1455793
Preventing Capability Leaks in Secure JavaScript Subsets, BDSS, 2010. ,
Fully abstract compilation to JavaScript, POPL'13, 2013. ,
URL : https://hal.archives-ouvertes.fr/hal-00780803
JSON hijacking, 2009. ,
The OAuth 2.0 authorization framework, IETF RFC, vol.6749, 2012. ,
DOI : 10.17487/rfc6749
Information-Flow Security for a Core of JavaScript, 2012 IEEE 25th Computer Security Foundations Symposium, pp.3-18, 2012. ,
DOI : 10.1109/CSF.2012.19
Isolating JavaScript with Filters, Rewriting, and Wrappers, ESORICS'09, 2009. ,
DOI : 10.1007/978-3-540-31987-0_28
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.158.641
Object views, Proceedings of the 19th international conference on World wide web, WWW '10, 2010. ,
DOI : 10.1145/1772690.1772764
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010 IEEE Symposium on Security and Privacy, 2010. ,
DOI : 10.1109/SP.2010.36
Jigsaw: Efficient, loweffort mashup isolation, USENIX Web Application Development, 2012. ,
Functions as processes, Automata, Languages and Programming, pp.167-180, 1990. ,
URL : https://hal.archives-ouvertes.fr/inria-00075405
Lightweight self-protecting JavaScript ADsafety: Type-based verification of JavaScript sandboxing, ASIACCS USENIX Security, 2009. ,
Type inference in the presence of subtyping: from theory to practice, Research Report, vol.3483, 1998. ,
URL : https://hal.archives-ouvertes.fr/inria-00073205
BrowserShield, ACM Transactions on the Web, vol.1, issue.3, 2007. ,
DOI : 10.1145/1281480.1281481
Busting frame busting: a study of clickjacking vulnerabilities at popular sites, W2SP'10, 2010. ,
On breaking SAML: Be whoever you want to be, 2012. ,
Symmetric Cryptography in Javascript, 2009 Annual Computer Security Applications Conference, pp.373-381, 2009. ,
DOI : 10.1109/ACSAC.2009.42
Content Security Policy 1.0. W3C Candidate Recommendation, 2012. ,
Automated analysis of securitycritical JavaScript APIs, IEEE S&P, 2011. ,
A source-to-source translator for securing JavaScript-based web ,
Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012 IEEE Symposium on Security and Privacy, pp.365-379, 2012. ,
DOI : 10.1109/SP.2012.30
How to shop for free online -security analysis of cashieras-a-service based web stores, IEEE S&P, pp.465-480, 2011. ,
The Tangled Web, 2011. ,
Mashic compiler: Mashup sandboxing based on inter-frame communication, 2012. ,