Title
Redefining web browser principals with a Configurable Origin Policy
Abstract
With the advent of Web 2.0, web developers have designed multiple additions to break the SOP boundary, such as splitting and combining traditional web browser protection boundaries (security principals). However, these newly generated principals lack a new label to represent their security property. To address the inconsistent label problem, this paper proposes a new way to define a security principal and its labels in the browser. In particular, we propose a Configurable Origin Policy (COP), in which a browser's security principal is defined by a configurable ID rather than a fixed triple <scheme, host, port>. The server-side and client-side code of a web application can create, join, and destroy its own principals. We perform a formal security analysis on COP to ensure session integrity. Then we also show that COP is compatible with legacy web sites, and those sites utilizing COP are also compatible with legacy browsers.
Year: 2013
DOI: 10.1109/DSN.2013.6575317
Venue: DSN
Keywords: security property, traditional web browser protection, web developer, web developers, online front-ends, web 2.0, formal security analysis, redefining web browser principal, server-side code, configurable id, legacy web site, internet, session integrity, configurable origin policy, sop boundary, security principal, client-server systems, client-side code, web application, new label, inconsistent label problem, legacy browser, security of data, legacy web sites, web browser security principal, security, servers, mashups, web 2 0
Field: Same-origin policy, Web API, World Wide Web, Web page, Computer science, Computer security, Comet (programming), Web modeling, Web application security, Web navigation, Client-side scripting, Distributed computing
DocType: Conference
ISSN: 1530-0889
ISBN: 978-1-4673-6471-3
Citations: 7
PageRank: 0.53
References: 32
Authors: 5
Name | Order | Citations | PageRank
Yinzhi Cao | 1 | 297 | 18.73
Vaibhav Rastogi | 2 | 317 | 12.31
Zhichun Li | 3 | 814 | 41.48
Yan Chen | 4 | 3842 | 220.64
Alex Moshchuk | 5 | 827 | 60.52