I am a member of the research faculty at Carnegie Mellon Silicon Valley. My research focuses on the security of browsers and web applications.

I am a contributor to the WebKit, Chromium, and Firefox open source browser projects. Some other startups I'm involved with include Cooliris, SafeHub, and Betable. I blog about web security standards at mayscript.com.

---

Securing the Web Platform

• Busting Framebusting: a Study of Clickjacking Vulnerabilities at Popular Sites
  Gustav Rydstedt, Elie Burzstein, Dan Boneh, and Collin Jackson
  In Web 2.0 Security and Privacy 2010. (W2SP 2010)
• Critical Vulnerability in Browser Security Metrics
  Mustafa Acer and Collin Jackson
  In Web 2.0 Security and Privacy 2010. (W2SP 2010)
• Regular Expressions Considered Harmful in Client-Side XSS Filters
  Daniel Bates, Adam Barth, and Collin Jackson
  In Proc. of the 19th International World Wide Web Conference. (WWW 2010)
• The Security Architecture of the Chromium Browser
  Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team
  2008 Technical Report
• Robust Defenses for Cross-Site Request Forgery
  Adam Barth, Collin Jackson, and John C. Mitchell
  In Proc. of the 15th ACM Conference on Computer and Communications Security. (CCS 2008)
• Beware of Finer-Grained Origins
  Collin Jackson and Adam Barth
  In Web 2.0 Security and Privacy. (W2SP 2008)
• ForceHTTPS Cookies: A Defense Against Eavesdropping and Pharming
  Collin Jackson and Adam Barth
  In Proc. of the 17th International World Wide Web Conference. (WWW 2008)
• Protecting Browsers from DNS Rebinding Attacks
  Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh
  In Proc. of the 14th ACM Conf. on Computer and Communications Security. (CCS 2007)

Security for Mashups

• Attacks on JavaScript Mashup Communication
  Adam Barth, Collin Jackson, and William Li

  In Proc. of Web 2.0 Security and Privacy 2009 (W2SP 2009)
• Securing Browser Frame Communication
  Adam Barth, Collin Jackson, and John C. Mitchell
  In Proc. of the 17th USENIX Security Symposium. (USENIX Security 2008)
• Protection and Communication Abstractions for Web Browsers in MashupOS
  Helen J. Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson
  In Proc. of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007)
• MashupOS: Operating System Abstractions for Client Mashups
  Jon Howell, Collin Jackson, Helen J. Wang, and Xiaofeng Fan
  In Proc. of the 11th Workshop on Hot Topics in Operating Systems. (HotOS 2007)
• Subspace: Secure Cross-Domain Communication for Web Mashups
  Collin Jackson and Helen J. Wang
  In Proc. of the 16th International World Wide Web Conference. (WWW 2007)

Privacy in the Browser

• An Analysis of Private Browsing Modes in Modern Browsers
  Gaurav Aggarwal, Elie Burzstein, Dan Boneh, and Collin Jackson
  In Proc. of the 19th USENIX Security Symposium. (USENIX Security 2010)
• Protecting Browser State from Web Privacy Attacks
  Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell
  In Proc. of the 15th International World Wide Web Conference. (WWW 2006)

Authentication and Authorization

• Rootkits for JavaScript Environments
  Ben Adida, Adam Barth, and Collin Jackson

  In Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009)
• Transaction Generators: Rootkits for the Web
  Collin Jackson, Dan Boneh, and John C. Mitchell
  In Proc. of the 2nd USENIX Workshop on Hot Topics in Security. (HotSec 2007)
• An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
  Collin Jackson, Dan Simon, Desney Tan, and Adam Barth
  In Proc. of the 2007 Workshop on Usable Security. (USEC 2007)
• Stronger Password Authentication Using Browser Extensions
  Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell
  In Proc. of the 14th USENIX Security Symposium. (USENIX Security 2005)