Please use this identifier to cite or link to this item:
https://doi.org/10.1109/ICDCS.2011.87
Title: | Towards fine-grained access control in JavaScript contexts | Authors: | Patil, K. Dong, X. Li, X. Liang, Z. Jiang, X. |
Issue Date: | 2011 | Citation: | Patil, K., Dong, X., Li, X., Liang, Z., Jiang, X. (2011). Towards fine-grained access control in JavaScript contexts. Proceedings - International Conference on Distributed Computing Systems : 720-729. ScholarBank@NUS Repository. https://doi.org/10.1109/ICDCS.2011.87 | Abstract: | A typical Web 2.0 application usually includes JavaScript from various sources with different trust. It is critical to properly regulate JavaScript's access to web application resources. Unfortunately, existing protection mechanisms in web browsers do not provide enough granularity in JavaScript access control. Specifically, existing solutions partially mitigate this sort of threat by only providing access control for certain types of JavaScript objects, or by unnecessarily restricting the functionality of untrusted JavaScript. In this paper, we systematically analyze the complete access control requirements in a web browser's JavaScript environment and identify the fundamental lack of fine-grained JavaScript access control mechanisms in modern web browsers. As our solution, we propose a reference monitor called JCShadow that enables fine-grained access control in JavaScript contexts without unnecessarily restricting the functionality of JavaScript.We have developed a proof-of-concept prototype in the Mozilla Firefox browser and the evaluation with real-world attacks indicates that JCShadow effectively prevents such attacks with low performance overhead. © 2011 IEEE. | Source Title: | Proceedings - International Conference on Distributed Computing Systems | URI: | http://scholarbank.nus.edu.sg/handle/10635/41753 | ISBN: | 9780769543642 | DOI: | 10.1109/ICDCS.2011.87 |
Appears in Collections: | Staff Publications |
Show full item record
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.