Abstract | ||
---|---|---|
With the advent of Web 2.0, web developers have designed multiple additions to break SOP boundary, such as splitting and combining traditional web browser protection boundaries (security principals). However, these newly generated principals lack a new label to represent its security property. To address the inconsistent label problem, this paper proposes a new way to define a security principal and its labels in the browser. In particular, we propose a Configurable Origin Policy (COP), in which a browser's security principal is defined by a configurable ID rather than a fixed triple <;scheme, host, port>. The server-side and client-side code of a web application can create, join, and destroy its own principals. We perform a formal security analysis on COP to ensure session integrity. Then we also show that COP is compatible with legacy web sites, and those sites utilizing COP are also compatible with legacy browsers. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/DSN.2013.6575317 | DSN |
Keywords | Field | DocType |
security property,traditional web browser protection,web developer,web developers,online front-ends,web 2.0,formal security analysis,redefining web browser principal,server-side code,configurable id,legacy web site,internet,session integrity,configurable origin policy,sop boundary,security principal,client-server systems,client-side code,web application,new label,inconsistent label problem,legacy browser,security of data,legacy web sites,web browser security principal,security,servers,mashups,web 2 0 | Same-origin policy,Web API,World Wide Web,Web page,Computer science,Computer security,Comet (programming),Web modeling,Web application security,Web navigation,Client-side scripting,Distributed computing | Conference |
ISSN | ISBN | Citations |
1530-0889 | 978-1-4673-6471-3 | 7 |
PageRank | References | Authors |
0.53 | 32 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yinzhi Cao | 1 | 297 | 18.73 |
Vaibhav Rastogi | 2 | 317 | 12.31 |
Zhichun Li | 3 | 814 | 41.48 |
Yan Chen | 4 | 3842 | 220.64 |
Alex Moshchuk | 5 | 827 | 60.52 |