Please use this identifier to cite or link to this item: https://doi.org/10.1109/ICDCS.2011.87
Title: Towards fine-grained access control in JavaScript contexts
Authors: Patil, K.
Dong, X.
Li, X.
Liang, Z. 
Jiang, X.
Issue Date: 2011
Source: Patil, K., Dong, X., Li, X., Liang, Z., Jiang, X. (2011). Towards fine-grained access control in JavaScript contexts. Proceedings - International Conference on Distributed Computing Systems : 720-729. ScholarBank@NUS Repository. https://doi.org/10.1109/ICDCS.2011.87
Abstract: A typical Web 2.0 application usually includes JavaScript from various sources with different trust. It is critical to properly regulate JavaScript's access to web application resources. Unfortunately, existing protection mechanisms in web browsers do not provide enough granularity in JavaScript access control. Specifically, existing solutions partially mitigate this sort of threat by only providing access control for certain types of JavaScript objects, or by unnecessarily restricting the functionality of untrusted JavaScript. In this paper, we systematically analyze the complete access control requirements in a web browser's JavaScript environment and identify the fundamental lack of fine-grained JavaScript access control mechanisms in modern web browsers. As our solution, we propose a reference monitor called JCShadow that enables fine-grained access control in JavaScript contexts without unnecessarily restricting the functionality of JavaScript.We have developed a proof-of-concept prototype in the Mozilla Firefox browser and the evaluation with real-world attacks indicates that JCShadow effectively prevents such attacks with low performance overhead. © 2011 IEEE.
Source Title: Proceedings - International Conference on Distributed Computing Systems
URI: http://scholarbank.nus.edu.sg/handle/10635/41753
ISBN: 9780769543642
DOI: 10.1109/ICDCS.2011.87
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.

SCOPUSTM   
Citations

13
checked on Dec 6, 2017

WEB OF SCIENCETM
Citations

5
checked on Nov 19, 2017

Page view(s)

59
checked on Dec 10, 2017

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.