{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:33:25Z","timestamp":1750221205919,"version":"3.41.0"},"publisher-location":"New York, New York, USA","reference-count":29,"publisher":"ACM Press","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004744","name":"Innoviris","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004744","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1145\/3237009.3237025","type":"proceedings-article","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T14:00:37Z","timestamp":1535637637000},"page":"1-15","source":"Crossref","is-referenced-by-count":4,"title":["GUARDIA"],"prefix":"10.1145","author":[{"given":"Angel Luis Scull","family":"Pupo","sequence":"first","affiliation":[{"name":"Vrije Universiteit Brussel, Brussels, Belgium"}]},{"given":"Jens","family":"Nicolay","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Brussel, Brussels, Belgium"}]},{"given":"Elisa Gonzalez","family":"Boix","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Brussel, Brussels, Belgium"}]}],"member":"320","reference":[{"key":"key-10.1145\/3237009.3237025-1","doi-asserted-by":"crossref","unstructured":"Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H. Phung, Lieven Desmet, and Frank Piessens. 2012. JSand: Complete Client-side Sandboxing of Third-party JavaScript Without Browser Modifications. InProceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12).ACM, New York, NY, USA, 1--10.","DOI":"10.1145\/2420950.2420952"},{"key":"key-10.1145\/3237009.3237025-2","doi-asserted-by":"crossref","unstructured":"James P. Anderson. 1972.Computer Security Technology Planning Study.Technical Report ESD-TR-73-51. U.S. Air Force Electronic Systems Division.","DOI":"10.21236\/AD0772806"},{"key":"key-10.1145\/3237009.3237025-3","doi-asserted-by":"crossref","unstructured":"Thomas H Austin, Tim Disney, Cormac Flanagan, Thomas H Austin, Tim Disney, and Cormac Flanagan. 2011.Virtual values for language extension.Vol. 46. ACM.","DOI":"10.1145\/2076021.2048136"},{"key":"key-10.1145\/3237009.3237025-4","doi-asserted-by":"crossref","unstructured":"Nataliia Bielova. 2013. Survey on JavaScript security policies and their enforcement mechanisms in a web browser.The Journal of Logic and Algebraic Programming82, 8 (Nov. 2013), 243--262.","DOI":"10.1016\/j.jlap.2013.05.001"},{"key":"key-10.1145\/3237009.3237025-5","unstructured":"Laurent Christophe, Elisa Gonzalez Boix, Wolfgang De Meuter, and Coen De Roover. 2016. Linvail - A General-Purpose Platform for Shadow Execution of JavaScript.SANER(2016), 260--270."},{"key":"key-10.1145\/3237009.3237025-6","doi-asserted-by":"crossref","unstructured":"Sophia Drossopoulou, James Noble, and Mark S. Miller. 2015. Swapsies on the Internet: First Steps Towards Reasoning About Risk and Trust in an Open World. InProceedings of the 10th ACM Workshop on Programming Languages and Analysis for Security (PLAS'15).ACM, New York, NY, USA, 2--15.","DOI":"10.1145\/2786558.2786564"},{"key":"key-10.1145\/3237009.3237025-7","unstructured":"Ecma International. 2015.ECMAScript 2015 Language Specification(6th ed.). Ecma International, Geneva. http:\/\/www.ecma-international.org\/ecma-262\/6.0\/ECMA-262.pdf"},{"key":"key-10.1145\/3237009.3237025-8","unstructured":"D Ghosh. 2011.DSLs in Action.Manning. 351 pages."},{"key":"key-10.1145\/3237009.3237025-9","doi-asserted-by":"crossref","unstructured":"Hallaraker, O and Vigna, G. 2005.Detecting malicious JavaScript code in Mozilla.IEEE.","DOI":"10.1109\/ICECCS.2005.35"},{"key":"key-10.1145\/3237009.3237025-10","unstructured":"Kevin W Hamlen, Micah Jones, and Meera Sridhar. 2012. Aspect-Oriented Runtime Monitor Certification. InTools and Algorithms for the Construction and Analysis of Systems - 18th International Conference, TACAS 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, March 24 - April 1, 2012. Proceedings.Springer Berlin Heidelberg, Berlin, Heidelberg, 126--140."},{"key":"key-10.1145\/3237009.3237025-11","unstructured":"Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du. 2014. Code Injection Attacks on HTML5-based Mobile Apps.CoRRabs\/1410.7756 (2014). http:\/\/arxiv.org\/abs\/1410.7756"},{"key":"key-10.1145\/3237009.3237025-12","unstructured":"Micah Jones and Kevin W Hamlen. 2010. Disambiguating aspect-oriented security policies. InProceedings of the 9th International Conference on Aspect-Oriented Software Development, AOSD 2010, Rennes and Saint-Malo, France, March 15--19, 2010.ACM Press, New York, New York, USA, 193--204."},{"key":"key-10.1145\/3237009.3237025-13","doi-asserted-by":"crossref","unstructured":"Haruka Kikuchi, Dachuan Yu, Ajay Chander, Hiroshi Inamura, and Igor Serikov. 2008. JavaScript Instrumentation in Practice. InProgramming Languages and Systems.Springer Berlin Heidelberg, Berlin, Heidelberg, 326--341.","DOI":"10.1007\/978-3-540-89330-1_23"},{"key":"key-10.1145\/3237009.3237025-14","unstructured":"Sebastian Lekies, Ben Stock, Martin Wentzel, and Martin Johns. 2015. The Unexpected Dangers of Dynamic JavaScript. In24th USENIX Security Symposium (USENIX Security 15).USENIX Association, Washington, D.C., 723--735. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/lekies"},{"key":"key-10.1145\/3237009.3237025-15","unstructured":"Jonas Magazinius, Phu H Phung, and David Sands. 2012. Safe Wrappers and Sane Policies for Self Protecting JavaScript. InInformatics.Springer Berlin Heidelberg, Berlin, Heidelberg, 239--255."},{"key":"key-10.1145\/3237009.3237025-16","doi-asserted-by":"crossref","unstructured":"Leo A Meyerovich, Adrienne Porter Felt, and Mark S Miller. 2010. Object views: Fine-Grained Sharing in Browsers. Inthe 19th international conference.ACM Press, New York, New York, USA, 721--730.","DOI":"10.1145\/1772690.1772764"},{"key":"key-10.1145\/3237009.3237025-17","doi-asserted-by":"crossref","unstructured":"Leo A Meyerovich and Benjamin Livshits. 2010. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. In2010 IEEE Symposium on Security and Privacy.IEEE, 481--496.","DOI":"10.1109\/SP.2010.36"},{"key":"key-10.1145\/3237009.3237025-18","unstructured":"G K Pannu. 2014. A Survey on Web Application Attacks.IJCSIT) International Journal of Computer Science and... (2014)."},{"key":"key-10.1145\/3237009.3237025-19","doi-asserted-by":"crossref","unstructured":"Phu H. Phung, David Sands, and Andrey Chudnov. 2009. Lightweight Self-protecting JavaScript. InProceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS '09).ACM, New York, NY, USA, 47--60.","DOI":"10.1145\/1533057.1533067"},{"key":"key-10.1145\/3237009.3237025-20","doi-asserted-by":"crossref","unstructured":"Charles Reis, John Dunagan, Helen J Wang, Opher Dubrovsky, and Saher Esmeir. 2007. BrowserShield: Vulnerability-driven filtering of dynamic HTML.ACM Transactions on the Web (TWEB)1, 3 (Sept. 2007), 11--es.","DOI":"10.1145\/1281480.1281481"},{"key":"key-10.1145\/3237009.3237025-21","doi-asserted-by":"crossref","unstructured":"Gregor Richards, Christian Hammer, Francesco Zappa Nardelli, Suresh Jagannathan, and Jan Vitek. 2013. Flexible Access Control for Javascript.SIGPLAN Not.48, 10 (Oct. 2013), 305--322.","DOI":"10.1145\/2544173.2509542"},{"key":"key-10.1145\/3237009.3237025-22","doi-asserted-by":"crossref","unstructured":"H Saiedian and D Broyle. 2011. Security vulnerabilities in the same-origin policy: Implications and alternatives.Computer(2011).","DOI":"10.1109\/MC.2011.226"},{"key":"key-10.1145\/3237009.3237025-23","doi-asserted-by":"crossref","unstructured":"Fred B Schneider. 2000. Enforceable security policies.ACM Transactions on Information and System Security (TISSEC)3, 1 (Feb. 2000), 30--50.","DOI":"10.1145\/353323.353382"},{"key":"key-10.1145\/3237009.3237025-24","unstructured":"Koushik Sen, Swaroop Kalasapur, Tasneem Brutch, and Simon Gibbs. 2013. Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript. In ...Joint Meeting on Foundations of.... ACM, 615--618."},{"key":"key-10.1145\/3237009.3237025-25","unstructured":"Steven Van Acker, Philippe De Ryck, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2011. WebJail: least-privilege integration of third-party components in web mashups.ACSAC(2011), 307--316."},{"key":"key-10.1145\/3237009.3237025-26","unstructured":"Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. InNDSS07."},{"key":"key-10.1145\/3237009.3237025-27","doi-asserted-by":"crossref","unstructured":"Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, and Artur Janc. 2016. CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy.. InACM Conference on Computer and Communications Security.ACM Press, New York, New York, USA, 1376--1387.","DOI":"10.1145\/2976749.2978363"},{"key":"key-10.1145\/3237009.3237025-28","unstructured":"WHATWG. 1017.HTML Standard.html.spec.whatwg.org."},{"key":"key-10.1145\/3237009.3237025-29","doi-asserted-by":"crossref","unstructured":"Dachuan Yu, Ajay Chander, Nayeem Islam, and Igor Serikov. 2007. JavaScript instrumentation for browser security.ACM SIGPLAN Notices42, 1 (Jan. 2007), 237--249.","DOI":"10.1145\/1190215.1190252"}],"event":{"name":"the 15th International Conference","start":{"date-parts":[[2018,9,12]]},"number":"15","location":"Linz, Austria","end":{"date-parts":[[2018,9,13]]},"acronym":"ManLang '18"},"container-title":["Proceedings of the 15th International Conference on Managed Languages & Runtimes - ManLang '18"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3237009.3237025","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/dl.acm.org\/ft_gateway.cfm?id=3237025&ftid=1999831&dwn=1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:39:34Z","timestamp":1750210774000},"score":1,"resource":{"primary":{"URL":"http:\/\/dl.acm.org\/citation.cfm?doid=3237009.3237025"}},"subtitle":["specification and enforcement of javascript security policies without VM modifications"],"proceedings-subject":"Managed Languages & Runtimes","short-title":[],"issued":{"date-parts":[[2018]]},"references-count":29,"URL":"https:\/\/doi.org\/10.1145\/3237009.3237025","relation":{},"subject":[],"published":{"date-parts":[[2018]]}}}