Please use this identifier to cite or link to this item:
Title: Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Authors: Dong, X.
Chen, Z.
Siadati, H.
Tople, S.
Saxena, P.
Liang, Z. 
Keywords: browser security
data protection
web security
Issue Date: 2013
Source: Dong, X.,Chen, Z.,Siadati, H.,Tople, S.,Saxena, P.,Liang, Z. (2013). Protecting sensitive web content from client-side vulnerabilities with CRYPTONS. Proceedings of the ACM Conference on Computer and Communications Security : 1311-1324. ScholarBank@NUS Repository.
Abstract: Web browsers isolate web origins, but do not provide direct abstractions to isolate sensitive data and control computation over it within the same origin. As a result, guaranteeing security of sensitive web content requires trusting all code in the browser and client-side applications to be vulnerability-free. In this paper, we propose a new abstraction, called Crypton, which supports intra-origin control over sensitive data throughout its life cycle. To securely enforce the semantics of Cryptons, we develop a standalone component called Crypton-Kernel, which extensively leverages the functionality of existing web browsers without relying on their large TCB. Our evaluation demonstrates that the Crypton abstraction supported by the Crypton-Kernel is widely applicable to popular real-world applications with millions of users, including webmail, chat, blog applications, and Alexa Top 50 websites, with low performance overhead. © 2013 ACM.
Source Title: Proceedings of the ACM Conference on Computer and Communications Security
ISBN: 9781450324779
ISSN: 15437221
DOI: 10.1145/2508859.2516743
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.


checked on Feb 21, 2018

Page view(s)

checked on Feb 17, 2018

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.