English
Related papers

Related papers: On the Integrity of Cross-Origin JavaScripts

200 papers

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

We study the impact of Stack Overflow code evolution on the stability of prior research findings derived from Stack Overflow data and provide recommendations for future studies. We systematically reviewed papers published between 2005--2023…

Cryptography and Security · Computer Science 2025-04-08 Alfusainey Jallow , Sven Bugiel

Exaggeration or context changes can render maintainability experience into prejudice. For example, JavaScript is often seen as least elegant language and hence of lowest maintainability. Such prejudice should not guide decisions without…

Software Engineering · Computer Science 2019-01-14 Tobias Roehm , Daniel Veihelmann , Stefan Wagner , Elmar Juergens

This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains…

Cryptography and Security · Computer Science 2022-03-08 Muhammad Ikram , Rahat Masood , Gareth Tyson , Mohamed Ali Kaafar , Roya Ensafi

The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for…

Cryptography and Security · Computer Science 2021-03-09 Anatoly Shusterman , Ayush Agarwal , Sioli O'Connell , Daniel Genkin , Yossi Oren , Yuval Yarom

Due to the growing number of cyber attacks against computer systems, we need to pay special attention to the security of our software systems. In order to maximize the effectiveness, excluding the human component from this process would be…

Cryptography and Security · Computer Science 2021-05-18 Tamás Viszkok , Péter Hegedűs , Rudolf Ferenc

Consider a source and multiple users who observe the independent and identically distributed (i.i.d.) copies of correlated Gaussian random variables. The source wishes to compress its observations and store the result in a public database…

Information Theory · Computer Science 2024-07-31 Hassan ZivariFard , Remi A. Chou

Securing the communication between a web server and a browser is a fundamental task of securing the World Wide Web. Websites today rely heavily on HTTPS to set up secure connections. In recent years, several incidents undermined this trust…

Cryptography and Security · Computer Science 2021-05-13 Thomas Sutter , Kevin Lapagna , Peter Berlich , Marc Rennhard , Fabio Germann

There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the…

Programming Languages · Computer Science 2012-12-12 Stéphane Ducasse , Nicolas Petton , Guillermo Polito , Damien Cassou

The web continues to grow, but dependency-monitoring tools and standards for resource integrity lag behind. Currently, there exists no robust method to verify the integrity of web resources, much less in a generalizable yet performant…

Cryptography and Security · Computer Science 2025-09-19 Johnny So , Michael Ferdman , Nick Nikiforakis

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Florian Sieck , Anna Pätschke , Thomas Eisenbarth

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

In this paper we argue that policies are an increasing concern for organizations that are operating a web site. Examples of policies that are relevant in the domain of the web address issues such as privacy of personal data, accessibility…

Computers and Society · Computer Science 2008-07-31 Holger M. Kienle , Hausi A. Müller

Developers frequently reuse Stack Overflow code snippets, yet the quality of these snippets remains unevenly understood, particularly across programming languages and geographic contexts. This study investigates code quality in Stack…

Software Engineering · Computer Science 2026-05-06 Elijah Zolduoarrati , Sherlock A. Licorish , Nigel Stanger

We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code…

Cryptography and Security · Computer Science 2023-03-09 Nicholas Boucher , Ross Anderson

While JavaScript established itself as a cornerstone of the modern web, it also constitutes a major tracking and security vector, thus raising critical privacy and security concerns. In this context, some browser extensions propose to…

Cryptography and Security · Computer Science 2023-01-26 Romain Fouquet , Pierre Laperdrix , Romain Rouvoy

Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack…

Cryptography and Security · Computer Science 2019-02-22 Anatoly Shusterman , Lachlan Kang , Yarden Haskal , Yosef Meltser , Prateek Mittal , Yossi Oren , Yuval Yarom

We present a study of how local frames (i.e., iframes loading content like "about:blank") are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack…

Cryptography and Security · Computer Science 2025-07-03 Alisha Ukani , Hamed Haddadi , Alex C. Snoeren , Peter Snyder

The drastic increase of JavaScript exploitation attacks has led to a strong interest in developing techniques to enable malicious JavaScript analysis. Existing analysis tech- niques fall into two general categories: static analysis and…

Cryptography and Security · Computer Science 2017-01-30 Xunchao Hu , Yao Cheng , Yue Duan , Andrew Henderson , Heng Yin

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto