Javascript sandboxing: Isolating and restricting client-side javascript
Paper i proceeding, 2016

Today’s web applications rely on the same-origin policy, the primary security policy of the Web, to isolate their web origin from malicious client-side JavaScript. When an attacker can somehow breach the same-origin policy and execute JavaScript code inside a web application’s origin, he gains full control over all available functionality and data in that web origin. In the JavaScript sandboxing field, we assume that an attacker has the ability to execute JavaScript code in a web application’s origin. The goal of JavaScript sandboxing is to isolate the execution of certain JavaScript code and restrict what functionality and data is available to it. In this paper we discuss proposed JavaScript sandboxing systems divided into three categories: JavaScript sandboxing through JavaScript subsets and rewriting systems, JavaScript sandboxing using browser modifications and JavaScript sandboxing without browser modifications.

Författare

Steven Van Acker

Chalmers, Data- och informationsteknik, Programvaruteknik

Andrei Sabelfeld

Chalmers, Data- och informationsteknik, Programvaruteknik

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 9808 LNCS 32-86

16th International Summer School on Foundations of Security Analysis and Design, FOSAD 2016
Bertinoro, Italy,

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Data- och informationsvetenskap

Fundament

Grundläggande vetenskaper

DOI

10.1007/978-3-319-43005-8_2

Mer information

Senast uppdaterat

2021-07-28