Skip to Main content Skip to Navigation
Journal articles

Survey on JavaScript Security Policies and their Enforcement Mechanisms in a Web Browser

Nataliia Bielova 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : We observe a rapid growth of web-based applications every day. These applications are executed in the web browser, where they interact with a variety of information belonging to the user. The dynamism of web applications is provided by the use of web scripts, and in particular JavaScript, that accesses this information through a browser- provided set of APIs. Unfortunately, some of the scripts use the given functionality in malicious ways. Over the last decade, a substantial number of web-based attacks that violate user's privacy and security have been detected. For this reason, web script security has been an active area of research. Both computer security researchers and web developers have proposed a number of techniques to enforce different security and privacy policies in the web browser. Among all the works on web browser security, we survey dynamic techniques based on runtime monitoring as well as secure information flow techniques. We then combine and compare the security and privacy policies they enforce, and the way the enforcement is done. We target two groups of readers: 1) for computer security researchers we propose an overview of security-relevant components of the web browser and the security policies based on these components, we also show how well-known enforcement techniques are applied in a web browser setting; 2) for web developers we propose a classification of security policies, comparison of existing enforcement mechanisms proposed in the literature and explanation of formal guarantees that they provide.
Document type :
Journal articles
Complete list of metadata

https://hal.inria.fr/hal-00932730
Contributor : Nataliia Bielova <>
Submitted on : Friday, January 17, 2014 - 3:37:38 PM
Last modification on : Tuesday, June 15, 2021 - 4:25:51 PM

Links full text

Identifiers

Citation

Nataliia Bielova. Survey on JavaScript Security Policies and their Enforcement Mechanisms in a Web Browser. Journal of Logic and Algebraic Programming, Elsevier, 2013, Automated Specification and Verification of Web Systems, 82 (8), pp.243-262. ⟨10.1016/j.jlap.2013.05.001⟩. ⟨hal-00932730⟩

Share

Metrics

Record views

404