Javascript Security and Privacy Funded by NSF Award CNS-0964702

Overview

Modern websites are powered by JavaScript, a flexible dynamic scripting language that executes in client browsers. However, the dynamic nature of JavaScript web applications has also opened up the possibility of a variety of security vulnerabilities. The broad goal of this project is to investigate the use of program analysis for improving the reliability and security of Javascript-based Web 2.0 applications.

Publications

• An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications (CCS 2010)
      with Dongseok Jang, Ranjit Jhala, and Hovav Shacham
• Staged Information Flow for JavaScript (PLDI 2009)
      with Ravi Chugh, Jeffrey A. Meister, and Ranjit Jhala