|![[Search]](http://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](http://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](http://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](http://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](http://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Microsoft Research Cambridge, public talks > Confining the Ghost in the Machine: Using Types to Secure JavaScript Sandboxing
Confining the Ghost in the Machine: Using Types to Secure JavaScript SandboxingAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins. This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending The commercial Web depends on combining content, especially advertisements, from sites that do not trust one another. Because this content can contain malicious code, several corporations and researchers have designed JavaScript sandboxing techniques (e.g., ADsafe, Caja, and Facebook JavaScript). These sandboxes depend on static restrictions, transformations, and libraries that perform dynamic checks. How can we be sure that they work? We tackle the problem of proving the security of these sandboxes. Our technique depends on creating specialized types to characterize the properties of the sandboxes, exploiting the structure of the checks contained in the libraries. The resulting checkers work on actual JavaScript code that is effectively unaltered; I will focus on our application to Yahoo!’s ADsafe. We establish soundness using our semantics for JavaScript, which has been tested for conformity against real implementations. Joint work with Arjun Guha and Joe Politz. This talk is part of the Microsoft Research Cambridge, public talks series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCentre for European Legal Studies List Market Square: Cambridge Business and Society Interdisciplinary Research Group Computer Laboratory Systems Research Group SeminarOther talksA transmissible RNA pathway in honeybees EMERGING EPIGENETICS: DETECTING & MODIFYING EPIGENETICS MARKS Kidney cancer: the most lethal urological malignancy Future directions panel Sneks long balus Drugs and Alcohol Graded linearisations for linear algebraic group actions 70th Anniversary Celebration The Rise of Augmented Intelligence in Edge Networks Scale and anisotropic effects in necking of metallic tensile specimens Laser Printed Organic Electronics, Metal-Organic Framework - Polymer Nanofiber Composites for Gas Separation |
Shriram Krishnamurthi, Brown University
Wednesday 18 April 2012, 10:30-11:30