Semantically Sound Analysis of Content Security Policies - Formal Techniques for Distributed Objects, Components, and Systems
Conference Papers, Year: 2019

Semantically Sound Analysis of Content Security Policies

Stefano Calzavara
Alvise Rabitti
Michele Bugliesi

Abstract

Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers in the world to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason on the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as the result of maintenance operations.
Main file: 478668_1_En_18_Chapter.pdf (213.75 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-02313752 , version 1 (11-10-2019)

Cite

Stefano Calzavara, Alvise Rabitti, Michele Bugliesi. Semantically Sound Analysis of Content Security Policies. 39th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Jun 2019, Copenhagen, Denmark. pp.293-297, ⟨10.1007/978-3-030-21759-4_18⟩. ⟨hal-02313752⟩