- Establishing Browser Security Guarantees through Formal Shim Verification (USENIX Security '12 / accept-rate: 19%)
Dongseok Jang and Zachary Tatlock and Sorin Lerner
Developed a multi-process architecture browser with a small, formally verified browser kernel.
[Project Site] [Tech Report] [Bibtex]
- Analyzing the Cross-domain Policies of Flash Applications (W2SP '11)
Dongseok Jang and Aishwarya Venkataraman and G. Michael Sawka and Hovav Shacham
Found security holes in crossdomain.xml used by Flash applications on top 50k sites.
Dongseok Jang Ranjit Jhala and Sorin Lerner and Hovav Shacham
Found real cases of browsing history leakage on top sites.
- This paper has got a fair bit of press coverage:
The Wall Street Journal,
The Huffington Post,
and UCSD's own
Dongseok Jang and Kwang-Moo Choe