Stanford Web Security Research

Overview

The Web Security Group is a part of the Stanford Security Laboratory. Research projects focus on various aspects of browser and web application security.

Publications

Securing the Web Platform

• Beware of Finer-Grained Origins
  Collin Jackson and Adam Barth
  In Web 2.0 Security and Privacy. (W2SP 2008)
• ForceHTTPS Cookies: A Defense Against Eavesdropping and Pharming
  Collin Jackson and Adam Barth
  In Proc. of the 17th International World Wide Web Conference. (WWW 2008)
• Protecting Browsers from DNS Rebinding Attacks
  Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh
  In Proc. of the 14th ACM Conf. on Computer and Communications Security. (CCS 2007)

Security for Mashups

• Securing Browser Frame Communication
  Adam Barth, Collin Jackson John C. Mitchell
  In Proc. of the 17th USENIX Security Symposium. (USENIX Security 2008)
• Protection and Communication Abstractions for Web Browsers in MashupOS
  Helen J. Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson
  In Proc. of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007)
• MashupOS: Operating System Abstractions for Client Mashups
  Jon Howell, Collin Jackson, Helen J. Wang, and Xiaofeng Fan
  In Proc. of the 11th Workshop on Hot Topics in Operating Systems. (HotOS 2007)
• Subspace: Secure Cross-Domain Communication for Web Mashups
  Collin Jackson and Helen J. Wang
  In Proc. of the 16th International World Wide Web Conference. (WWW 2007)

Privacy in the Browser

• Exposing Private Information by Timing Web Applications
  Andrew Bortz, Dan Boneh, and Palash Nandy
  In Proc. of the 16th International World Wide Web Conference. (WWW 2007)
• Protecting Browser State from Web Privacy Attacks
  Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell
  In Proc. of the 15th International World Wide Web Conference. (WWW 2006)

Authentication and Authorization

• Transaction Generators: Rootkits for the Web
  Collin Jackson, Dan Boneh, and John C. Mitchell
  In Proc. of the 2nd USENIX Workshop on Hot Topics in Security. (HotSec 2007)
• An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
  Collin Jackson, Dan Simon, Desney Tan, and Adam Barth
  In Proc. of the 2007 Workshop on Usable Security. (USEC 2007)
• Stronger Password Authentication Using Browser Extensions
  Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell
  In Proc. of the 14th USENIX Security Symposium. (USENIX Security 2005)
• Client-side defense against web-based identity theft.
  Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh, and John C. Mitchell
  In Proc. of the 11th Annual Network and Distributed System Security Symposium (NDSS 2004)