An innovative new defense against cross-domain vulnerabilities

Cross-domain (or “Universal XSS”) vulnerabilities have long plagued modern script-enabled web browsers.  Shuo Chen of Microsoft Research has developed a new type of defense against these vulnerabilities.  A paper on this new approach has been accepted to the 14th ACM Conference on Computer and Communications Security (CCS).

An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism

I contributed some time to Shuo’s project and assisted with providing technical background on historical cross-domain vulnerabilities in Internet Explorer.