SafeScript: JavaScript transformation for policy enforcement
Paper in proceedings, 2013

Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.

Author

M. Ter Louw

University of Illinois

Phu Phung

University of Gothenburg

R. Krishnamurti

University of Illinois

V.N. Venkatakrishnan

University of Illinois

Lecture Notes in Computer Science

0302-9743 (ISSN)

67-83

Subject Categories

Computer Science

DOI

10.1007/978-3-642-41488-6_5

ISBN

9783642414879

More information

Latest update

7/4/2018 6