Towards a Formal Foundation of Web Security

@article{Akhawe2010TowardsAF,
  title={Towards a Formal Foundation of Web Security},
  author={Devdatta Akhawe and Adam Barth and Peifung E. Lam and John C. Mitchell and Dawn Xiaodong Song},
  journal={2010 23rd IEEE Computer Security Foundations Symposium},
  year={2010},
  pages={290-304}
}
We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample web mechanisms and applications. We identify three distinct threat models that can be used to analyze web applications, ranging from a web attacker who controls malicious web sites and clients, to stronger attackers who can control the network and/or leverage sites designed to display user-supplied content. We propose two broadly applicable security…
This paper has highly influenced 13 other papers.
This paper has 201 citations.

References

Publications referenced by this paper.
Showing 1-10 of 49 references

  • A. van Kesteren. Cross-origin resource sharing. 2009. [Online]. Available: http://www.w3.org/TR…
  • R. Schemers, R. Allbery. Webauth v3 technical specification. 2009. [Online]. Available: http://webauth…
  • GWT Team. Security for gwt applications. 2008. [Online]. Available: http://groups.google…
  • E. Nava, D. Lindsay. Abusing internet explorer 8’s XSS filters. BlackHat Europe, 2010. [Online]. Available: http…
  • MIT Software Design Group. Alloy analyzer 4. 2010. [Online]. Available: http://alloy.mit.edu…
  • JASIG. CAS deployment. 2010. [Online]. Available: http://www.jasig.org…
  • Apple Inc. Remote scripting with IFRAME. 2010. [Online]. Available: http://developer.apple…
