Abstract | ||
---|---|---|
Extant security mechanisms for web apps, notably the "same-origin policy", are not sufficient to achieve confidentiality and integrity goals for the many apps that manipulate sensitive information. The trend in web apps is "mashups" which integrate JavaScript code from multiple providers in ways that can undercut existing security mechanisms. Researchers are exploring dynamic information flow controls (IFC) for JavaScript, but there are many challenges to achieving strong IFC without excessive performance cost or impractical browser modifications. This paper presents an inlined IFC monitor for ECMAScript 5 with web support, using the no-sensitive-upgrade (NSU) technique, together with experimental evaluation using synthetic mashups and performance benchmarks. On this basis it should be possible to conduct experiments at scale to evaluate feasibility of both NSU and inlined monitoring. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1145/2810103.2813684 | ACM Conference on Computer and Communications Security |
Field | DocType | Citations |
Mashup,Information flow (information theory),World Wide Web,Internet privacy,Confidentiality,Computer security,Computer science,Extant taxon,Web application,Information sensitivity,JavaScript | Conference | 16 |
PageRank | References | Authors |
0.52 | 46 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andrey Chudnov | 1 | 180 | 7.97 |
David Naumann | 2 | 1101 | 84.12 |