{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:05:43Z","timestamp":1763967943060,"version":"3.41.0"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2007,9,1]],"date-time":"2007-09-01T00:00:00Z","timestamp":1188604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Web"],"published-print":{"date-parts":[[2007,9]]},"abstract":"<jats:p>\n            Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [Wang et al. 2004]. In this article, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in Web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime. The rewritten pages contain logic for recursively applying runtime checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated\n            <jats:italic>BrowserShield<\/jats:italic>\n            , a general framework that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized runtime actions like vulnerability-driven filtering. 
We also explore other applications on top of BrowserShield.<\/jats:p>","DOI":"10.1145\/1281480.1281481","type":"journal-article","created":{"date-parts":[[2007,9,26]],"date-time":"2007-09-26T17:18:32Z","timestamp":1190827112000},"page":"11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":70,"title":["BrowserShield"],"prefix":"10.1145","volume":"1","author":[{"given":"Charles","family":"Reis","sequence":"first","affiliation":[{"name":"University of Washington, Seattle, WA"}]},{"given":"John","family":"Dunagan","sequence":"additional","affiliation":[{"name":"Microsoft, Redmond, WA"}]},{"given":"Helen J.","family":"Wang","sequence":"additional","affiliation":[{"name":"Microsoft, Redmond, WA"}]},{"given":"Opher","family":"Dubrovsky","sequence":"additional","affiliation":[{"name":"Microsoft, Redmond, WA"}]},{"given":"Saher","family":"Esmeir","sequence":"additional","affiliation":[{"name":"Technion"}]}],"member":"320","published-online":{"date-parts":[[2007,9]]},"reference":[
{"key":"e_1_2_1_1_1","volume-title":"OPUS: Online patches and updates for security. Usenix Security Symposium.","author":"Altekar G.","year":"2005","unstructured":"Altekar, G., Bagrak, I., Burstein, P., and Schultz, A. 2005. OPUS: Online patches and updates for security. In Usenix Security Symposium."},
{"volume-title":"Computer Security Technology Planning Study","author":"Anderson J. P.","key":"e_1_2_1_2_1","unstructured":"Anderson, J. P. 1972. Computer Security Technology Planning Study, Vol. II. ESD-TR-73-51, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA."},
{"key":"e_1_2_1_3_1","unstructured":"Apache Foundation. 2007. The Apache HTTP server project. http:\/\/httpd.apache.org."},
{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.889093"},
{"volume-title":"Timing the Application of Security Patches for Optimal Uptime. In Large Installation System Administration Conference.","author":"Beattie S.","key":"e_1_2_1_5_1","unstructured":"Beattie, S., Arnold, S., Cowan, C., Wagle, P., and Wright, C. 2002. Timing the application of security patches for optimal uptime. In Large Installation System Administration Conference."},
{"key":"e_1_2_1_6_1","unstructured":"Bochs. 2006. Bochs: The open source IA-32 emulation project. http:\/\/bochs.sourceforge.net\/."},
{"key":"e_1_2_1_7_1","unstructured":"CERT. 2000. CERT advisory CA-2000-02: Malicious HTML tags embedded in client Web requests. http:\/\/www.cert.org\/advisories\/CA-2000-02.html."},
{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095824"},
{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.4"},
{"volume-title":"Proceedings of the Symposium on Operating Systems Design and Implementation.","author":"Erlingsson","key":"e_1_2_1_10_1","unstructured":"Erlingsson, \u00da., Abadi, M., Vrable, M., Budiu, M., and Necula, G. C. 2006. XFI: Software guards for system address spaces. In Proceedings of the Symposium on Operating Systems Design and Implementation."},
{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Erlingsson","key":"e_1_2_1_11_1","unstructured":"Erlingsson, \u00da. and Schneider, F. B. 2000a. IRM enforcement of Java stack inspection. In Proceedings of the IEEE Symposium on Security and Privacy."},
{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/335169.335201"},
{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Evans D.","key":"e_1_2_1_13_1","unstructured":"Evans, D. and Twyman, A. 1999. Flexible policy-directed code safety. In Proceedings of the IEEE Symposium on Security and Privacy."},
{"volume-title":"Proceedings of the Symposium on Network Systems Design and Implementation.","author":"Freedman M. J.","key":"e_1_2_1_14_1","unstructured":"Freedman, M. J., Freudenthal, E., and Mazi\u00e8res, D. 2004. Democratizing content publication with Coral. In Proceedings of the Symposium on Network Systems Design and Implementation."},
{"key":"e_1_2_1_15_1","unstructured":"Friedman, M. 2006. Protected mode in Vista IE7. http:\/\/blogs.msdn.com\/ie\/archive\/2006\/02\/09\/528963.aspx."},
{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the Network and Distributed System Security Conference.","author":"Garfinkel T.","year":"2003","unstructured":"Garfinkel, T. 2003. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proceedings of the Network and Distributed System Security Conference."},
{"volume-title":"Proceedings of the Network and Distributed System Security Conference.","author":"Garfinkel T.","key":"e_1_2_1_17_1","unstructured":"Garfinkel, T., Pfaff, B., and Rosenblum, M. 2004. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed System Security Conference."},
{"volume-title":"Usenix Security Symposium.","author":"Goldberg I.","key":"e_1_2_1_18_1","unstructured":"Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. 1996. A secure environment for untrusted helper applications. In Usenix Security Symposium."},
{"key":"e_1_2_1_19_1","unstructured":"Greasemonkey. 2007. Greasemonkey. http:\/\/greasemonkey.mozdev.org\/."},
{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},
{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168626"},
{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095820"},
{"key":"e_1_2_1_23_1","unstructured":"Kiciman, E. and Wang, H. J. 2007. Live monitoring: Using adaptive instrumentation and analysis to debug and maintain Web applications. In HotOS XI."},
{"volume-title":"Usenix Security Symposium.","author":"Kim H.-A.","key":"e_1_2_1_24_1","unstructured":"Kim, H.-A. and Karp, B. 2004. Autograph: Toward automated, distributed worm signature detection. In Usenix Security Symposium."},
{"volume-title":"Usenix Security Symposium.","author":"Kiriansky V.","key":"e_1_2_1_25_1","unstructured":"Kiriansky, V., Bruening, D., and Amarasinghe, S. 2002. Secure execution via program shepherding. In Usenix Security Symposium."},
{"key":"e_1_2_1_26_1","unstructured":"Lindholm, T. and Yellin, F. 1999. The Java Virtual Machine Specification, 2nd ed. Sun Microsystems."},
{"key":"e_1_2_1_27_1","unstructured":"Markham, G. 2006. Content restrictions. http:\/\/www.gerv.net\/security\/content-restrictions\/."},
{"volume-title":"USENIX Security Symposium.","author":"Martin D.","key":"e_1_2_1_28_1","unstructured":"Martin, D. and Schulman, A. 2002. Deanonymizing users of the SafeWeb anonymizing service. In USENIX Security Symposium."},
{"key":"e_1_2_1_29_1","unstructured":"Microsoft. 2004. Microsoft security bulletin MS04-040. http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS04-040.mspx."},
{"key":"e_1_2_1_30_1","unstructured":"Microsoft. 2005. Microsoft security bulletin summaries and webcasts. http:\/\/www.microsoft.com\/technet\/security\/bulletin\/summary.mspx."},
{"key":"e_1_2_1_31_1","unstructured":"Microsoft ISA. 2004. Internet security and acceleration server. http:\/\/www.microsoft.com\/isaserver\/default.mspx."},
{"key":"e_1_2_1_32_1","unstructured":"Microsoft SharePoint. 2007. SharePoint. http:\/\/www.microsoft.com\/sharepoint."},
{"key":"e_1_2_1_33_1","unstructured":"Mozilla. 2005. Mozilla Foundation security advisories. http:\/\/www.mozilla.org\/security\/announce."},
{"volume-title":"Proceedings of the Network and Distributed System Security Conference.","author":"Newsome J.","key":"e_1_2_1_34_1","unstructured":"Newsome, J. and Song, D. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Conference."},
{"key":"e_1_2_1_35_1","unstructured":"PaX. 2007. Homepage of PaX. http:\/\/pax.grsecurity.net\/."},
{"volume-title":"Usenix NT Workshop.","author":"Romer T.","key":"e_1_2_1_36_1","unstructured":"Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., and Bershad, B. 1997. Instrumentation and optimization of Win32\/Intel executables using Etch. In Usenix NT Workshop."},
{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/237090.237175"},
{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/800009.808059"},
{"key":"e_1_2_1_39_1","unstructured":"Secure Computing. 2006. Webwasher SSL Scanner. http:\/\/www.securecomputing.com\/pdf\/WW-SSLscan-PO.pdf."},
{"key":"e_1_2_1_40_1","unstructured":"Seltzer, L. 2005. eWeek. Anti-virus protection for WMF flaw still inconsistent. http:\/\/www.eweek.com\/article2\/0 1895 1907102 00.asp."},
{"volume-title":"Proceedings of the Symposium on Operating Systems Design and Implementation.","author":"Singh S.","key":"e_1_2_1_41_1","unstructured":"Singh, S., Estan, C., Varghese, G., and Savage, S. 2004. Automated worm fingerprinting. In Proceedings of the Symposium on Operating Systems Design and Implementation."},
{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319165"},
{"key":"e_1_2_1_43_1","unstructured":"Snort. 2005. The open source network intrusion detection system. http:\/\/www.snort.org\/."},
{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/38765.38828"},
{"key":"e_1_2_1_45_1","unstructured":"Useful Utilities. 2007. EZproxy by Useful Utilities. http:\/\/www.usefulutilities.com."},
{"key":"e_1_2_1_46_1","unstructured":"Valgrind. 2007. Valgrind. http:\/\/www.valgrind.org\/."},
{"key":"e_1_2_1_47_1","unstructured":"Virtual Conspiracy. 2005. Windows script decoder. http:\/\/www.virtualconspiracy.com."},
{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},
{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/1060289.1060307"},
{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015489"},
{"volume-title":"Proceedings of the Network and Distributed Systems Security Conference.","author":"Wang Y.-M.","key":"e_1_2_1_51_1","unstructured":"Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., and King, S. 2006. Automated Web patrol with Strider HoneyMonkeys: Finding Web sites that exploit browser vulnerabilities. In Proceedings of the Network and Distributed Systems Security Conference."},
{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190252"}
],"container-title":["ACM Transactions on the Web"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1281480.1281481","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1281480.1281481","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T15:13:46Z","timestamp":1750259626000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1281480.1281481"}},"subtitle":["Vulnerability-driven filtering of dynamic HTML"],"short-title":[],"issued":{"date-parts":[[2007,9]]},"references-count":52,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2007,9]]}},"alternative-id":["10.1145\/1281480.1281481"],"URL":"https:\/\/doi.org\/10.1145\/1281480.1281481","relation":{},"ISSN":["1559-1131","1559-114X"],"issn-type":[{"type":"print","value":"1559-1131"},{"type":"electronic","value":"1559-114X"}],"subject":[],"published":{"date-parts":[[2007,9]]},"assertion":[{"value":"2007-09-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
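The abstract in this record describes the BrowserShield approach: rewrite the page and its embedded scripts so that the vulnerability checks run at runtime and are re-applied, recursively, to any content a script generates, which sidesteps the undecidability of deciding statically what a script will do. The JavaScript below is an added illustration of that idea; it is not code from the paper or from BrowserShield itself. The policy rule (drop any tag whose attribute value exceeds 64 characters), the `parseTag` helper, the textual `instrumentScript` rewrite of `document.write`, the `__bs` wrapper name and the sample page are all constructed for this example, and the rule is a stand-in for a vulnerability signature, not a real one.

```javascript
// Added example, not code from the BrowserShield paper: a toy vulnerability-driven
// filter for dynamic HTML. Static markup is checked tag by tag against a policy,
// inline scripts are rewritten so that document.write goes through a wrapper, and
// the wrapper re-applies the same filter to whatever the script generates.

// Constructed illustrative rule, NOT a real vulnerability signature: drop any tag
// that carries an attribute value longer than MAX_ATTR characters, standing in for
// the overlong-input bugs that such filters typically target.
const MAX_ATTR = 64;

// A policy is a list of checks; each returns a reason string when the tag must be
// dropped, or null when it is allowed.
const policies = [
  (tag) => {
    for (const [name, value] of Object.entries(tag.attrs)) {
      if (value.length > MAX_ATTR) {
        return `${tag.name}: attribute "${name}" exceeds ${MAX_ATTR} chars`;
      }
    }
    return null;
  },
];

// Parse one raw tag such as <iframe src="x" width="1"> into {name, attrs, raw}.
// Minimal by design: it handles the well-formed markup used in this example.
function parseTag(raw) {
  const m = /^<\/?\s*([a-zA-Z][\w-]*)([^>]*)>$/.exec(raw);
  if (!m) return null;
  const attrs = {};
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let a;
  while ((a = attrRe.exec(m[2])) !== null) {
    attrs[a[1]] = a[2] ?? a[3] ?? a[4] ?? "";
  }
  return { name: m[1].toLowerCase(), attrs, raw };
}

// Rewrite a script body so that document.write calls the shield wrapper instead.
// A real instrumenter rewrites the parsed script; a textual substitution is enough
// to show the idea on the scripts used here (it also touches string literals).
function instrumentScript(body) {
  return body.replace(/\bdocument\.write\s*\(/g, "__bs.write(");
}

// Filter an HTML string: allowed markup is appended to `out`, reasons for dropped
// tags to `dropped`. Inline scripts are instrumented and then executed with the
// wrapper in scope, so anything they write is filtered by this same function.
function filterHtml(html, out, dropped) {
  const shield = { write: (s) => filterHtml(String(s), out, dropped) };
  const tokenRe = /<script\b[^>]*>([\s\S]*?)<\/script>|<[^>]+>|[^<]+/g;
  let m;
  while ((m = tokenRe.exec(html)) !== null) {
    const tok = m[0];
    if (m[1] !== undefined) {
      new Function("__bs", instrumentScript(m[1]))(shield);
    } else if (tok.startsWith("<")) {
      const tag = parseTag(tok);
      const reason = tag ? policies.map((p) => p(tag)).find((r) => r !== null) : null;
      if (reason) dropped.push(reason);
      else out.push(tok);
    } else {
      out.push(tok);
    }
  }
}

// Run the filter over a whole page and report what reached the "browser".
function shieldPage(html) {
  const out = [];
  const dropped = [];
  filterHtml(html, out, dropped);
  return { output: out.join(""), dropped };
}

// Constructed sample page. The <iframe> carries an overlong attribute statically;
// the <img> with an overlong attribute exists only at runtime, written by a script
// that was itself written by another script.
const LONG_A = "A".repeat(80);
const SAMPLE_PAGE = String.raw`<p>hello</p>
<iframe src="${LONG_A}"></iframe>
<script>
  var s = ""; for (var i = 0; i < 80; i++) s += "B";
  document.write("<b>dyn</b>");
  document.write("<script>document.write('<img src=\"" + s + "\">')<\/script>");
</script>
<p>bye</p>`;

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(shieldPage(SAMPLE_PAGE), null, 2));
}
```

Run with `node`: the static overlong `<iframe>` is dropped by the tag scan, while the overlong `<img>` never appears in the page text at all, since it is assembled at runtime by a script that a second script wrote; it is caught only because `__bs.write` filters what each script produces and instruments any script found inside that output, which is the recursive step the abstract describes. The textual rewrite of `document.write` is deliberately crude (it also rewrites the call inside the string literal in the sample, harmlessly here), which is why a real instrumenter works on the parsed script rather than its text, and a complete system must interpose on the other content sinks too (`innerHTML`, `eval`, string arguments to `setTimeout`) or the checks can be bypassed.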