Title: Fortifying web-based applications automatically

Abstract: Browser designers create security mechanisms to help web developers protect web applications, but web developers are usually slow to use these features in web-based applications (web apps). In this paper we introduce Zan, a browser-based system for applying new browser security mechanisms to legacy web apps automatically. Our key insight is that web apps often contain enough information, via web developer source-code patterns or key properties of web-app objects, to allow the browser to infer opportunities for applying new security mechanisms to existing web apps. We apply this new concept to protect authentication cookies, prevent web apps from being framed unwittingly, and perform JavaScript object deserialization safely. We evaluate Zan on up to the 1000 most popular websites for each of the three cases. We find that Zan can provide complementary protection for the majority of potentially applicable websites automatically, without requiring additional code from the web developers and with negligible incompatibility impact.
Year: 2011
DOI: 10.1145/2046707.2046777
Venue: ACM Conference on Computer and Communications Security
Keywords: new browser security mechanism, legacy web, web-based application, web apps, popular web, web developer source-code pattern, existing web apps, web application, new concept, web developer, applicable web, source code, web based applications, web security, web development
Field: Static web page, Web development, Web design, Web API, Internet privacy, World Wide Web, Web developer, Web page, Computer security, Computer science, Web modeling, Web application security
DocType: Conference
Citations: 16
PageRank: 0.73
References: 19
Authors: 3

Order | Name | Citations and PageRank (run together)
1 | Shuo Tang | 19114.04
2 | Nathan Dautenhahn | 1295.72
3 | Samuel T. King | 1818142.20