Paper Info
Title
The case for JavaScript transactions: position paper
Abstract
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Without proper isolation, such content can compromise the security and privacy of these Web applications. Prior techniques for isolating untrusted JavaScript code do so by restricting dangerous constructs and inlining security checks into third-party code. This paper presents a new approach that extends the JavaScript language to make isolation a language-level primitive. We propose to extend the language using a new transaction construct that allows a Web application to speculatively execute untrusted code and isolate its changes. The Web application can then inspect these speculative actions and commit them only if they comply with the application's security policies. We discuss use-cases that can benefit from JavaScript support for transactions, present a formalization of JavaScript transactions and conclude with implementation considerations.
Year
DOI
Venue
2010
10.1145/1814217.1814223
PLAS
Keywords
DocType
Citations 
position paper,javascript support,security policy,untrusted javascript code,javascript language,inlining security check,javascript transaction,web application,multiple untrusted source,third-party code,modern web application,speculative execution,confinement,use case,javascript,isolation
Conference
3
PageRank 
References 
Authors
0.43
11
3
Name
Order
Citations
PageRank
Mohan Dhawan119211.15
Chung-chieh Shan248533.27
Vinod Ganapathy371342.69