By Adam Barth, Joel Weinberger and Dawn Song

 Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

 The DOM provides an access control layer  The JavaScript engine treats objects as capabilities

 Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

 Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

 In the JavaScript Engine object system  Object creation, destruction and reference  Calls into analysis library

 Current JavaScript Security Model  Cross-Origin JavaScript Capability Leaks  Capability Leak Detection  Browser Defense Mechanism

 Heap Graph Analysis can be used to find vulnerabilities in web browser  Web Browser can provide mechanism to eliminate these vulnerabilities  Heap Graph Tool and Access Control Prototype for WebKit: