Javascript sandboxing: Isolating and restricting client-side javascript
Paper i proceeding, 2016
Today’s web applications rely on the same-origin policy, the primary security policy of the Web, to isolate their web origin from malicious client-side JavaScript. When an attacker can somehow breach the same-origin policy and execute JavaScript code inside a web application’s origin, he gains full control over all available functionality and data in that web origin. In the JavaScript sandboxing field, we assume that an attacker has the ability to execute JavaScript code in a web application’s origin. The goal of JavaScript sandboxing is to isolate the execution of certain JavaScript code and restrict what functionality and data is available to it. In this paper we discuss proposed JavaScript sandboxing systems divided into three categories: JavaScript sandboxing through JavaScript subsets and rewriting systems, JavaScript sandboxing using browser modifications and JavaScript sandboxing without browser modifications.
Författare
Steven Van Acker
Chalmers, Data- och informationsteknik, Programvaruteknik
Andrei Sabelfeld
Chalmers, Data- och informationsteknik, Programvaruteknik
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 9808 LNCS 32-86
16th International Summer School on Foundations of Security Analysis and Design, FOSAD 2016
Bertinoro, Italy,
Bertinoro, Italy,
Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier
Data- och informationsvetenskap
Fundament
Grundläggande vetenskaper
DOI
10.1007/978-3-319-43005-8_2