SafeScript: JavaScript transformation for policy enforcement
Paper i proceeding, 2013

Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.

Författare

M. Ter Louw

University of Illinois at Chicago

Phu Phung

Göteborgs universitet

R. Krishnamurti

University of Illinois at Chicago

V.N. Venkatakrishnan

University of Illinois at Chicago

Lecture Notes in Computer Science

0302-9743 (ISSN)

67-83

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_5

ISBN

9783642414879