We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the "points-to" relation of the JavaScript heap. Our algorithm finds a number of new vulnerabilities in the open-source WebKit browser engine used by Safari. We propose an approach to mitigate this class of vulnerabilities by adding access control checks to browser JavaScript engines. These access control checks are backwards-compatible because they do not alter the semantics of the Web platform. Through an application of the inline cache, we implement these checks with an overhead of 1-2% on industry-standard benchmarks.