Flexible access control for JavaScript

Gregor Richards, Christian Hammer, Francesco Zappa Nardelli (1), Suresh Jagannathan, Jan Vitek
1 Parkas - Parallélisme de Kahn Synchrone
DI-ENS - Département d'informatique de l'École normale supérieure, ENS Paris - École normale supérieure - Paris, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract: Providing security guarantees for systems built out of untrusted components requires the ability to define and enforce access control policies over untrusted code. In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure which allows users and content providers to specify access control policies over subsets of a JavaScript program by leveraging the concept of delimited histories with revocation. We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites with no changes to their JavaScript code and report performance overheads and violations.
Document type: Conference paper
OOPSLA'13 - ACM SIGPLAN international conference on Object oriented programming systems languages & applications, Oct 2013, Indianapolis, IN, United States. ACM, pp.305-322, 2013, 〈10.1145/2509136.2509542〉

https://hal.inria.fr/hal-00909080
Contributor: Francesco Zappa Nardelli
Submitted on: Monday, 25 November 2013 - 17:16:34
Last modified on: Thursday, 30 November 2017 - 01:17:45

Citation

Gregor Richards, Christian Hammer, Francesco Zappa Nardelli, Suresh Jagannathan, Jan Vitek. Flexible access control for JavaScript. OOPSLA'13 - ACM SIGPLAN international conference on Object oriented programming systems languages & applications, Oct 2013, Indianapolis, IN, United States. ACM, pp.305-322, 2013, 〈10.1145/2509136.2509542〉. 〈hal-00909080〉