{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:14:27Z","timestamp":1763507667899,"version":"3.40.4"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319048963"},{"type":"electronic","value":"9783319048970"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-04897-0_10","type":"book-chapter","created":{"date-parts":[[2014,2,18]],"date-time":"2014-02-18T08:34:38Z","timestamp":1392712478000},"page":"141-160","source":"Crossref","is-referenced-by-count":10,"title":["Architectures for Inlining Security Monitors in Web Applications"],"prefix":"10.1007","author":[{"given":"Jonas","family":"Magazinius","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Hedin","sequence":"additional","affiliation":[]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Acker, S.V., Ryck, P.D., Desmet, L., Piessens, F., Joosen, W.: Webjail: least-privilege integration of third-party components in web mashups. In: Proc. of ACSAC 2011 (2011)"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Agten, P., Acker, S.V., Brondsema, Y., Phung, P.H., Desmet, L., Piessens, F.: JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In: Zakon, R.H. (ed.) ACSAC 2012, pp. 1\u201310. ACM (2012)","DOI":"10.1145\/2420950.2420952"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Anderson, J.P.: Computer security technology planning study. Technical report, Deputy for Command and Management System, USA (1972)","DOI":"10.21236\/AD0772806"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: Proc. ACM Workshop on Programming Languages and Analysis for Security, PLAS (June 2009)","DOI":"10.1145\/1554339.1554353"},{"key":"10_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-29420-4_4","volume-title":"Formal Aspects of Security and Trust","author":"L. Bello","year":"2012","unstructured":"Bello, L., Bonelli, E.: On-the-fly inlining of dynamic dependency monitors for secure information flow. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol.\u00a07140, pp. 55\u201369. Springer, Heidelberg (2012)"},{"key":"10_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-642-01465-9_2","volume-title":"Formal Aspects in Security and Trust","author":"G. Boudol","year":"2009","unstructured":"Boudol, G.: Secure information flow as a safety property. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol.\u00a05491, pp. 20\u201334. Springer, Heidelberg (2009)"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Chudnov, A., Naumann, D.A.: Information flow monitor inlining. In: Proc. of CSF 2010 (2010)","DOI":"10.1109\/CSF.2010.21"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for JavasCript. In: Hind, M., Diwan, A. (eds.) PLDI, pp. 50\u201362. ACM (2009)","DOI":"10.1145\/1543135.1542483"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Dam, M., Guernic, G.L., Lundblad, A.: Treedroid: a tree automaton based approach to enforcing data processing policies. In: Proc. of ACM CCS 2012, pp. 894\u2013905 (2012)","DOI":"10.1145\/2382196.2382290"},{"key":"10_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/978-3-642-03013-0_25","volume-title":"ECOOP 2009 \u2013 Object-Oriented Programming","author":"M. Dam","year":"2009","unstructured":"Dam, M., Jacobs, B., Lundblad, A., Piessens, F.: Security monitor inlining for multithreaded java. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol.\u00a05653, pp. 546\u2013569. Springer, Heidelberg (2009)"},{"issue":"1","key":"10_CR11","doi-asserted-by":"crossref","first-page":"37","DOI":"10.3233\/JCS-2010-0365","volume":"18","author":"M. Dam","year":"2010","unstructured":"Dam, M., Jacobs, B., Lundblad, A., Piessens, F.: Provably correct inline monitoring for multithreaded java-like programs. Journal of Computer Security\u00a018(1), 37\u201359 (2010)","journal-title":"Journal of Computer Security"},{"key":"10_CR12","unstructured":"ECMA International. ECMAScript Language Specification, Version 5 (2009)"},{"key":"10_CR13","unstructured":"B.\u00a0Eich. Narcissus\u2014JS implemented in JS (2011), http:\/\/mxr.mozilla.org\/mozilla\/source\/js\/narcissus\/"},{"key":"10_CR14","unstructured":"Erlingsson, U.: The inlined reference monitor approach to security policy enforcement. PhD thesis, Cornell University, Ithaca, NY, USA (2004)"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Erlingsson, U., Schneider, F.B.: Sasi enforcement of security policies: a retrospective. In: Proc. of NSPW 1999, pp. 87\u201395 (1999)","DOI":"10.1145\/335169.335201"},{"key":"10_CR16","unstructured":"Gal, A.: dom.js, https:\/\/github.com\/andreasgal\/dom.js"},{"key":"10_CR17","unstructured":"Groef, W.D., Devriese, D., Nikiforakis, N., Piessens, F.: Flowfox: a web browser with flexible and precise information flow control. In: Proc. of ACM CCS 2012 (October 2012)"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: JSFlow. Software release (September 2013), Located at http:\/\/chalmerslbs.bitbucket.org\/jsflow","DOI":"10.1145\/2554850.2554909"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: JSFlow: Tracking Information Flow in JavaScript and its APIs. In: SAC. ACM (March 2014)","DOI":"10.1145\/2554850.2554909"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Hedin, D., Sabelfeld, A.: Information-flow security for a core of JavaScript. In: Proc. IEEE Computer Security Foundations Symposium, pp. 3\u201318 (June 2012)","DOI":"10.1109\/CSF.2012.19"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in JavaScript web applications. In: Proc. of ACM CCS 2010 (October 2010)","DOI":"10.1145\/1866307.1866339"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Just, S., Cleary, A., Shirley, B., Hammer, C.: Information Flow Analysis for JavaScript. In: Proc. of PLASTIC 2011 (2011)","DOI":"10.1145\/2093328.2093331"},{"key":"10_CR23","unstructured":"Kesselman, J.: Document Object Model (DOM) Level 2 Core Specification (2000)"},{"key":"10_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-89330-1_23","volume-title":"Programming Languages and Systems","author":"H. Kikuchi","year":"2008","unstructured":"Kikuchi, H., Yu, D., Chander, A., Inamura, H., Serikov, I.: Javascript instrumentation in practice. In: Ramalingam, G. (ed.) APLAS 2008. LNCS, vol.\u00a05356, pp. 326\u2013341. Springer, Heidelberg (2008)"},{"key":"10_CR25","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/s10207-004-0046-8","volume":"4","author":"J. Ligatti","year":"2005","unstructured":"Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security\u00a04, 2\u201316 (2005)","journal-title":"International Journal of Information Security"},{"key":"10_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-21599-5_17","volume-title":"Trust and Trustworthy Computing","author":"T. Luo","year":"2011","unstructured":"Luo, T., Du, W.: Contego: Capability-based access control for web browsers - (short paper). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol.\u00a06740, pp. 231\u2013238. Springer, Heidelberg (2011)"},{"key":"10_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-642-27937-9_17","volume-title":"Information Security Technology for Applications","author":"J. Magazinius","year":"2012","unstructured":"Magazinius, J., Phung, P.H., Sands, D.: Safe wrappers and sane policies for self protecting javascript. In: Aura, T., J\u00e4rvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol.\u00a07127, pp. 239\u2013255. Springer, Heidelberg (2012)"},{"issue":"7","key":"10_CR28","doi-asserted-by":"publisher","first-page":"827","DOI":"10.1016\/j.cose.2011.10.002","volume":"31","author":"J. Magazinius","year":"2012","unstructured":"Magazinius, J., Russo, A., Sabelfeld, A.: On-the-fly inlining of dynamic security monitors. Computers & Security\u00a031(7), 827\u2013843 (2012)","journal-title":"Computers & Security"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: Proc. IEEE Symp. on Security and Privacy, pp. 79\u201393 (May 1994)","DOI":"10.1109\/RISP.1994.296590"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, V.B.: Conscript: Specifying and enforcing fine-grained security policies for javascript in the browser. In: Proc. of IEEE S&P 2010 (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"10_CR31","unstructured":"Mozilla Labs. Zaphod add-on for the Firefox browser (2011), http:\/\/mozillalabs.com\/zaphod"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You are what you include: large-scale evaluation of remote JavaScript inclusions. In: Proc. of ACM CCS 2012, pp. 736\u2013747 (October 2012)","DOI":"10.1145\/2382196.2382274"},{"key":"10_CR33","doi-asserted-by":"crossref","unstructured":"Phung, P.H., Sands, D., Chudnov, A.: Lightweight self-protecting javascript. In: Proc. of ASIACCS 2009, pp. 47\u201360 (2009)","DOI":"10.1145\/1533057.1533067"},{"issue":"3","key":"10_CR34","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/1281480.1281481","volume":"1","author":"C. Reis","year":"2007","unstructured":"Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: Browsershield: Vulnerability-driven filtering of dynamic html. ACM Trans. Web\u00a01(3), 11 (2007)","journal-title":"ACM Trans. Web"},{"key":"10_CR35","doi-asserted-by":"crossref","unstructured":"Rushby, J.M.: Design and verification of secure systems. In: Proc. SOSP 1981 (1981)","DOI":"10.1145\/800216.806586"},{"key":"10_CR36","doi-asserted-by":"crossref","unstructured":"Russo, A., Sabelfeld, A.: Dynamic vs. static flow-sensitive security analysis. In: Proc. IEEE Computer Security Foundations Symposium, pp. 186\u2013199 (July 2010)","DOI":"10.1109\/CSF.2010.20"},{"issue":"1","key":"10_CR37","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A. Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications\u00a021(1), 5\u201319 (2003)","journal-title":"IEEE J. Selected Areas in Communications"},{"key":"10_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1007\/978-3-642-11486-1_30","volume-title":"Perspectives of Systems Informatics","author":"A. Sabelfeld","year":"2010","unstructured":"Sabelfeld, A., Russo, A.: From dynamic to static and back: Riding the roller coaster of information-flow control research. In: Pnueli, A., Virbitskaite, I., Voronkov, A. (eds.) PSI 2009. LNCS, vol.\u00a05947, pp. 352\u2013365. Springer, Heidelberg (2010)"},{"issue":"9","key":"10_CR39","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J.H. Saltzer","year":"1975","unstructured":"Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. of the IEEE\u00a063(9), 1278\u20131308 (1975)","journal-title":"Proc. of the IEEE"},{"key":"10_CR40","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-site scripting prevention with dynamic data tainting and static analysis. In: Proc. of NDSS (February 2007)"},{"key":"10_CR41","unstructured":"W3C. Document Object Model (DOM) Level 3 Events Specification, http:\/\/www.w3.org\/TR\/DOM-Level-3-Events\/"},{"key":"10_CR42","unstructured":"W3C. DOM4 W3C Working Draft 6, http:\/\/www.w3.org\/TR\/dom\/"},{"key":"10_CR43","first-page":"233","volume-title":"EuroSys 2009","author":"A. Yip","year":"2009","unstructured":"Yip, A., Narula, N., Krohn, M., Morris, R.: Privacy-preserving browser-side scripting with BFlow. In: EuroSys 2009, pp. 233\u2013246. ACM, New York (2009)"},{"key":"10_CR44","doi-asserted-by":"crossref","unstructured":"Yu, D., Chander, A., Islam, N., Serikov, I.: JavaScript instrumentation for browser security. In: Proc. ACM Symp. on Principles of Programming Languages, pp. 237\u2013249. ACM (2007)","DOI":"10.1145\/1190215.1190252"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-04897-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T21:42:33Z","timestamp":1746135753000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-04897-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319048963","9783319048970"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-04897-0_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}