SafeScript: JavaScript transformation for policy enforcement
Paper in proceeding, 2013

Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.

Author

M. Ter Louw

University of Illinois

Phu Phung

Chalmers, Computer Science and Engineering (Chalmers)

University of Gothenburg

R. Krishnamurti

University of Illinois

V.N. Venkatakrishnan

University of Illinois

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8208 LNCS 67-83

Subject Categories

Computer Science

DOI

10.1007/978-3-642-41488-6_5

More information

Latest update

4/5/2022 6