• Published 2010

The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives

@inproceedings{Hanna2010TheE,
  title={The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives},
  author={Steve Hanna and Eui Chul Richard Shin and Devdatta Akhawe and Arman Boehm and Prateek Saxena and Dawn Song},
  year={2010}
}
Several new browser primitives have been proposed to meet the demands of application interactivity while enabling security. To investigate whether applications consistently use these primitives safely in practice, we study the real-world usage of two client-side primitives, namely postMessage and HTML5’s client-side database storage. We examine new purely client-side communication protocols layered on postMessage (Facebook Connect and Google Friend Connect) and several real-world web…
