SafeScript: JavaScript transformation for policy enforcement
Paper i proceeding, 2013

Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.

Författare

M. Ter Louw

University of Illinois

Phu Phung

Chalmers, Data- och informationsteknik

Göteborgs universitet

R. Krishnamurti

University of Illinois

V.N. Venkatakrishnan

University of Illinois

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8208 LNCS 67-83

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_5

Mer information

Senast uppdaterat

2022-04-05