{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T04:08:09Z","timestamp":1746331689000,"version":"3.40.4"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319100814"},{"type":"electronic","value":"9783319100821"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-10082-1_4","type":"book-chapter","created":{"date-parts":[[2014,8,4]],"date-time":"2014-08-04T04:49:05Z","timestamp":1407127745000},"page":"88-123","source":"Crossref","is-referenced-by-count":8,"title":["Defensive JavaScript"],"prefix":"10.1007","author":[{"given":"Karthikeyan","family":"Bhargavan","sequence":"first","affiliation":[]},{"given":"Antoine","family":"Delignat-Lavaud","sequence":"additional","affiliation":[]},{"given":"Sergio","family":"Maffeis","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"Adida, B.: Helios: Web-based open-audit voting. In: USENIX Security Symposium, pp. 335\u2013348 (2008)"},{"key":"4_CR2","unstructured":"Adida, B., Barth, A., Jackson, C.: Rootkits for JavaScript environments. In: WOOT (2009)"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: IEEE CSF 2010, pp. 290\u2013304 (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Saxena, P., Song, D.: Privilege separation in HTML5 applications. 
In: USENIX Security (2012)","DOI":"10.1007\/978-3-642-40203-6_41"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-642-28641-4_6","volume-title":"Principles of Security and Trust","author":"M. Arapinis","year":"2012","unstructured":"Arapinis, M., Bursuc, S., Ryan, M.: Privacy supporting cloud computing: ConfiChair, a case study. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol.\u00a07215, pp. 89\u2013108. Springer, Heidelberg (2012)"},{"key":"4_CR6","doi-asserted-by":"publisher","first-page":"34","DOI":"10.4018\/jsse.2011100103","volume":"2","author":"M. Avalle","year":"2011","unstructured":"Avalle, M., Pironti, A., Pozza, D., Sisto, R.: JavaSPI: A framework for security protocol implementation. International Journal of Secure Software Engineering\u00a02, 34\u201348 (2011)","journal-title":"International Journal of Secure Software Engineering"},{"key":"4_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-36830-1_7","volume-title":"Principles of Security and Trust","author":"C. Bansal","year":"2013","unstructured":"Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Keys to the cloud: Formal analysis and concrete attacks on encrypted web storage. In: Basin, D., Mitchell, J.C. (eds.) POST 2013. LNCS, vol.\u00a07796, pp. 126\u2013146. Springer, Heidelberg (2013)"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Bansal, C., Bhargavan, K., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. In: CSF, pp. 247\u2013262 (2012)","DOI":"10.1109\/CSF.2012.27"},{"key":"4_CR9","unstructured":"Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting browsers from extension vulnerabilities. 
In: Network and Distributed System Security Symposium, NDSS (2010)"},{"key":"4_CR10","unstructured":"Bhargavan, K., Delignat-Lavaud, A.: Web-based attacks on host-proof encrypted storage. In: WOOT (2012)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Fournet, C., Gordon, A.D., Tse, S.: Verified interoperable implementations of security protocols. In: CSFW, pp. 139\u2013152 (2006)","DOI":"10.1007\/11841197_6"},{"key":"4_CR12","unstructured":"Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Language-based defenses against untrusted browser origins. In: 22nd USENIX Security Symposium (2013)"},{"issue":"4","key":"4_CR13","doi-asserted-by":"publisher","first-page":"363","DOI":"10.3233\/JCS-2009-0339","volume":"17","author":"B. Blanchet","year":"2009","unstructured":"Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security\u00a017(4), 363\u2013434 (2009)","journal-title":"Journal of Computer Security"},{"key":"4_CR14","unstructured":"Blanchet, B., Smyth, B.: ProVerif: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial, http:\/\/www.proverif.inria.fr\/manual.pdf"},{"key":"4_CR15","unstructured":"Dahl, D., Sleevi, R.: Web Cryptography API. W3C Working Draft (2013)"},{"key":"4_CR16","unstructured":"ECMA International: ECMAScript language specification. Standard ECMA-262, 3rd edn. (1999)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Fett, D., K\u00fcsters, R., Schmitz, G.: An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System. In: 35th IEEE Symposium on Security and Privacy (S&P 2014). IEEE Computer Society (2014)","DOI":"10.1109\/SP.2014.49"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Fournet, C., Swamy, N., Chen, J., Dagand, P., Strub, P., Livshits, B.: Fully abstract compilation to JavaScript. 
In: POPL 2013 (2013)","DOI":"10.1145\/2429069.2429114"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Hardt, D.: The OAuth 2.0 authorization framework. IETF RFC 6749 (2012)","DOI":"10.17487\/rfc6749"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Hodges, J., Jackson, C., Barth, A.: HTTP Strict Transport Security (HSTS). IETF RFC 6797 (2012)","DOI":"10.17487\/rfc6797"},{"key":"4_CR21","unstructured":"IETF: JavaScript Object Signing and Encryption, JOSE (2012), http:\/\/tools.ietf.org\/wg\/jose\/"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1007\/BFb0032030","volume-title":"Automata, Languages and Programming","author":"R. Milner","year":"1990","unstructured":"Milner, R.: Functions as processes. In: Paterson, M. (ed.) ICALP 1990. LNCS, vol.\u00a0443, pp. 167\u2013180. Springer, Heidelberg (1990)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Stark, E., Hamburg, M., Boneh, D.: Symmetric cryptography in JavaScript. In: ACSAC, pp. 373\u2013381 (2009)","DOI":"10.1109\/ACSAC.2009.42"},{"key":"4_CR24","unstructured":"Sterne, B., Barth, A.: Content Security Policy 1.0. W3C Candidate Recommendation (2012)"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Swamy, N., Fournet, C., Rastogi, A., Bhargavan, K., Chen, J., Strub, P.Y., Bierman, G.M.: Gradual typing embedded securely in javascript. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 425\u2013438 (2014)","DOI":"10.1145\/2535838.2535889"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In: IEEE S&P, pp. 365\u2013379. 
IEEE Computer Society (2012)","DOI":"10.1109\/SP.2012.30"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Woo, T., Lam, S.: A semantic model for authentication protocols. In: IEEE Symposium on Security and Privacy, pp. 178\u2013194 (1993)","DOI":"10.1109\/RISP.1993.287633"},{"key":"4_CR28","unstructured":"Zalewski, M.: Browser Security Handbook"}],"container-title":["Lecture Notes in Computer Science","Foundations of Security Analysis and Design VII"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-10082-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T01:54:24Z","timestamp":1746323664000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-10082-1_4"}},"subtitle":["Building and Verifying Secure Web Components"],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319100814","9783319100821"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-10082-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}