While most research on XSS defense has focused on techniques for securing existing applications and re-architecting browser mechanisms, sanitization remains the industry-standard defense mechanism. By streamlining and automating XSS sanitization, web application frameworks stand in a good position to stop XSS but have received little research attention. In order to drive research on web framewo...

In this paper, we present a study to counter privacy violation due to unsafe data correlation. We propose a safe correlation requirement to keep correlated values bounded by l-diversity and evaluate the trade-off to be made for the sake of a strong privacy guarantee. Finally, we present a correlation sanitization algorithm that enforces our safety constraint and demonstrates its efficiency.

Privacy and security concerns have adversely affected the usefulness of many types of techniques that leverage information gathered from deployed applications. To address this issue, we present a new approach for automatically sanitizing failure-inducing inputs. Given an input I that causes a failure f , our technique can generate a sanitized input I ′ that is different from I but still causes ...

Filtering or sanitization is the predominant mechanism in today’s applications to defend against cross-site scripting (XSS) attacks. XSS sanitization can be difficult to get right as it ties in closely with the parsing behavior of the browser. This paper explains some of the subtleties of ensuring correct sanitization, as well as common pitfalls. We study several emerging web application framew...

Code sanitizers are used to automatically detect security vulnerabilities in C/C++ code that elude static analysis. This requires that the code paths containing the vulnerability are actually executed with sanitization enabled. Under current practice, sanitization is routinely applied when developers perform continuous integration testing and fuzzing of pre-release software. However, sanitizati...

In a census, individual respondents give private information to a trusted party (the census bureau), who publishes a sanitized version of the data. There are two fundamentally conflicting requirements: privacy for the respondents and utility of the sanitized data. Note that this framework is inherently noninteractive. Recently, Chawla et al. (TCC’2005) initiated a theoretical study of the censu...

Goal-oriented spoken dialog systems aim to identify intents of humans, expressed in natural language, and take actions accordingly, to satisfy their requests. State-of-the-art data-driven spoken dialog systems are trained using large amounts of task data which is usually transcribed and then labeled by humans, a very expensive and laborious process. Hence sharing and reuse of this data has extr...

We present a series of related patterns for aligning security and usability based on a substantial body of prior work. These patterns cover the issue of data sanitization, secure messaging, secure operation, and protection from covert monitoring.

BACKGROUND AIMS Quality cell manufacturing processes require a clean laboratory environment. METHODS This report was aimed at describing current cleaning and sanitization practices reported by facilities that manufacture many types of cellular therapy products for clinical use. It is our hope that this report may provide the groundwork for guidance recommendations directed at developing conse...