I am a member of the research faculty at Carnegie Mellon Silicon Valley. My web security research group focuses on the security of browsers and web applications.

Securing the Web Platform

• App Isolation: Get the Security of Multiple Browsers with Just One
  Eric Y. Chen, Jason Bau, Charles Reis, and Adam Barth, Collin Jackson
  In Proc of the 18th ACM Conference on Computer and Communications Security (CCS 2011)
• Talking to Yourself For Fun and Profit
  Lin-Shung Huang, Eric Y. Chen, Adam Barth, Eric Rescorla, and Collin Jackson
  In Web 2.0 Security and Privacy (W2SP 2011)
• Protecting Browsers from Cross-Origin CSS Attacks
  Lin-Shung Huang, Zack Weinberg, Chris Evans, Collin Jackson
  In Proc of the 17th ACM Conference on Computer and Communications Security (CCS 2010)
• Busting Framebusting: a Study of Clickjacking Vulnerabilities at Popular Sites
  Gustav Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson
  In Web 2.0 Security and Privacy 2010. (W2SP 2010)
• Critical Vulnerability in Browser Security Metrics
  Mustafa Acer and Collin Jackson
  In Web 2.0 Security and Privacy 2010. (W2SP 2010)
• Regular Expressions Considered Harmful in Client-Side XSS Filters
  Daniel Bates, Adam Barth, and Collin Jackson
  In Proc. of the 19th International World Wide Web Conference. (WWW 2010)
• The Security Architecture of the Chromium Browser
  Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team
  2008 Technical Report
• Robust Defenses for Cross-Site Request Forgery
  Adam Barth, Collin Jackson, and John C. Mitchell
  In Proc. of the 15th ACM Conference on Computer and Communications Security. (CCS 2008)
• Beware of Finer-Grained Origins
  Collin Jackson and Adam Barth
  In Web 2.0 Security and Privacy. (W2SP 2008)
• ForceHTTPS Cookies: A Defense Against Eavesdropping and Pharming
  Collin Jackson and Adam Barth
  In Proc. of the 17th International World Wide Web Conference. (WWW 2008)
• Protecting Browsers from DNS Rebinding Attacks
  Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh
  In Proc. of the 14th ACM Conf. on Computer and Communications Security. (CCS 2007)

Security for Mashups

• Attacks on JavaScript Mashup Communication
  Adam Barth, Collin Jackson, and William Li

  In Proc. of Web 2.0 Security and Privacy 2009 (W2SP 2009)
• Securing Browser Frame Communication
  Adam Barth, Collin Jackson, and John C. Mitchell
  In Proc. of the 17th USENIX Security Symposium. (USENIX Security 2008)
• Protection and Communication Abstractions for Web Browsers in MashupOS
  Helen J. Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson
  In Proc. of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007)
• MashupOS: Operating System Abstractions for Client Mashups
  Jon Howell, Collin Jackson, Helen J. Wang, and Xiaofeng Fan
  In Proc. of the 11th Workshop on Hot Topics in Operating Systems. (HotOS 2007)
• Subspace: Secure Cross-Domain Communication for Web Mashups
  Collin Jackson and Helen J. Wang
  In Proc. of the 16th International World Wide Web Conference. (WWW 2007)

Privacy in the Browser

• I Still Know What You Visited Last Summer: Leaking browsing history via user interaction and side channel attacks
  Zack Weinberg, Eric Chen, Pavithra Ramesh Jayaraman, and Collin Jackson
  In Proc. of the IEEE Security and Privacy Symposium (Oakland 2011)
• An Analysis of Private Browsing Modes in Modern Browsers
  Gaurav Aggarwal, Elie Bursztein, Dan Boneh, and Collin Jackson
  In Proc. of the 19th USENIX Security Symposium. (USENIX Security 2010)
• Protecting Browser State from Web Privacy Attacks
  Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell
  In Proc. of the 15th International World Wide Web Conference. (WWW 2006)

Authentication and Authorization

• Rootkits for JavaScript Environments
  Ben Adida, Adam Barth, and Collin Jackson

  In Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009)
• Transaction Generators: Rootkits for the Web
  Collin Jackson, Dan Boneh, and John C. Mitchell
  In Proc. of the 2nd USENIX Workshop on Hot Topics in Security. (HotSec 2007)
• An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
  Collin Jackson, Dan Simon, Desney Tan, and Adam Barth
  In Proc. of the 2007 Workshop on Usable Security. (USEC 2007)
• Stronger Password Authentication Using Browser Extensions
  Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell
  In Proc. of the 14th USENIX Security Symposium. (USENIX Security 2005)