Javascript sandboxing: Isolating and restricting client-side javascript
Paper in proceeding, 2016
Today’s web applications rely on the same-origin policy, the primary security policy of the Web, to isolate their web origin from malicious client-side JavaScript. When an attacker can somehow breach the same-origin policy and execute JavaScript code inside a web application’s origin, he gains full control over all available functionality and data in that web origin. In the JavaScript sandboxing field, we assume that an attacker has the ability to execute JavaScript code in a web application’s origin. The goal of JavaScript sandboxing is to isolate the execution of certain JavaScript code and restrict what functionality and data is available to it. In this paper we discuss proposed JavaScript sandboxing systems divided into three categories: JavaScript sandboxing through JavaScript subsets and rewriting systems, JavaScript sandboxing using browser modifications and JavaScript sandboxing without browser modifications.
Author
Steven Van Acker
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Andrei Sabelfeld
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 9808 LNCS 32-86
16th International Summer School on Foundations of Security Analysis and Design, FOSAD 2016
Bertinoro, Italy,
Bertinoro, Italy,
Areas of Advance
Information and Communication Technology
Subject Categories
Computer and Information Science
Roots
Basic sciences
DOI
10.1007/978-3-319-43005-8_2