SafeScript: JavaScript transformation for policy enforcement
Paper i proceeding, 2013

Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.

Författare

M. Ter Louw

University of Illinois

Phu Phung

Göteborgs universitet

R. Krishnamurti

University of Illinois

V.N. Venkatakrishnan

University of Illinois

Lecture Notes in Computer Science

0302-9743 (ISSN)

67-83

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_5

ISBN

9783642414879