Jump to Content

Defining the technology of today and tomorrow.

Philosophy

We strive to create an environment conducive to many different types of research across many different time scales and levels of risk.
Learn more about our Philosophy

Philosophy

People

Our researchers drive advancements in computer science through both fundamental and applied research.
Learn more about our People

People
Research areas

Explore all research areas

Explore all research areas

Foundational ML & Algorithms

Algorithms & Theory

Data Management

Data Mining & Modeling

Information Retrieval & the Web

Machine Intelligence

Machine Perception

Machine Translation

Natural Language Processing

Speech Processing

Algorithms & Theory

Data Management

Data Mining & Modeling

Information Retrieval & the Web

Machine Intelligence

Machine Perception

Machine Translation

Natural Language Processing

Speech Processing

Computing Systems & Quantum AI

Distributed Systems & Parallel Computing

Hardware & Architecture

Mobile Systems

Networking

Quantum Computing

Robotics

Security, Privacy, & Abuse Prevention

Software Engineering

Software Systems

Distributed Systems & Parallel Computing

Hardware & Architecture

Mobile Systems

Networking

Quantum Computing

Robotics

Security, Privacy, & Abuse Prevention

Software Engineering

Software Systems

Science, AI & Society

Climate & Sustainability

Economics & Electronic Commerce

Education Innovation

General Science

Health & Bioscience

Human-Computer Interaction and Visualization

Climate & Sustainability

Economics & Electronic Commerce

Education Innovation

General Science

Health & Bioscience

Human-Computer Interaction and Visualization
Projects

We regularly open-source projects with the broader research community and apply our developments to Google products.
Learn more about our Projects

Projects

Publications

Publishing our work allows us to share ideas and work collaboratively to advance the field of computer science.
Learn more about our Publications

Publications

Resources

We make products, tools, and datasets available to everyone with the goal of building a more collaborative ecosystem.
Learn more about our Resources

Resources
Shaping the future, together.
Collaborate with us

Student programs

Supporting the next generation of researchers through a wide range of programming.
Learn more about our Student programs

Student programs

Faculty programs

Participating in the academic research community through meaningful engagement with university faculty.
Learn more about our Faculty programs

Faculty programs

Conferences & events

Connecting with the broader research community through events is essential for creating progress in every aspect of our work.
Learn more about our Conferences & events

Conferences & events

Collaborate with us
Careers
Blog

Automated Analysis of Security-Critical JavaScript APIs

Ankur Taly

Úlfar Erlingsson

John C. Mitchell

Mark S. Miller

Jasvir Nagra

IEEE Symposium on Security & Privacy (SP), IEEE (2011)

Download Google Scholar

Abstract

JavaScript is widely used to provide client-side functionality in Web
applications. To provide services ranging from maps to advertisements,
Web applications may incorporate untrusted JavaScript code from third
parties. The trusted portion of each application may then expose an
API to untrusted code, interposing a reference monitor that mediates
access to security-critical resources. However, a JavaScript reference
monitor can only be effective if it cannot be circum- vented through
programming tricks or programming language idiosyncracies. In order to
verify complete mediation of critical resources for applications of
interest, we deﬁne the semantics of a restricted version of JavaScript
devised by the ECMA Standards committee for isolation purposes, and
develop and test an automated tool that can soundly establish that a
given API cannot be circumvented or subverted. Our tool reveals a
previously-undiscovered vulnerability in the widely-examined Yahoo!
ADsafe ﬁlter and veriﬁes conﬁnement of the repaired ﬁlter and other
examples from the Object-Capability literature.

Research Areas

Security, Privacy and Abuse Prevention