Abstract |
---|
While today's web browsers support multiple principals (i.e., web frames with embedded JavaScript code, or plugins) from many different origins at the same time, they do not have a clear resource management model, and the loose control on resource access has led to various types of web-based attacks. In this paper, we present a resource management framework for web browsers that allows both users of a web browser and the owner of a web page to specify their resource access control policies - which are then enforced by the framework's resource reference monitor. With our resource management framework, a web browser can become more secure, and we show that popular web attacks such as frame hijacking, cross-site request forgery, and DNS rebinding attacks, can all be addressed easily by deploying correct security policies. We also discuss how our resource management approach may be deployed and what a new paradigm it can bring to counter web-based attacks. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1109/ICCNC.2012.6167512 | ICNC |

Keywords | Field | DocType |
---|---|---|
web-based attacks, web page, web browser security, online front-ends, frame hijacking, dns rebinding attacks, web resource access control, resource access control policies, authorisation, web security, resource management approach, framework resource reference monitor, web reference monitor, cross-site request forgery, security policy, cross site request forgery, web pages, access control, resource manager | Web development, Same-origin policy, Web API, World Wide Web, Web page, Computer security, Computer science, Web standards, Web modeling, Web navigation, Web application security | Conference |

ISBN | Citations | PageRank |
---|---|---|
978-1-4673-0723-9 | 0 | 0.34 |

References | Authors |
---|---|
2 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Jun Li | 1 | 266 | 46.20 |
Dongting Yu | 2 | 0 | 0.34 |
Luke Maurer | 3 | 0 | 0.34 |