Don't Make Me Think: A Common Sense Approach to the Web (2nd Edition)
Don't Make Me Think: A Common Sense Approach to the Web (2nd Edition)
Prioritizing Web Usability
Protection and communication abstractions for web browsers in MashupOS
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
MashupOS: operating system abstractions for client mashups
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Analyzing Information Flow in JavaScript-Based Browser Extensions
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Hi-index | 0.00 |
Many web security vulnerabilities allow parts of a page to interact when they should be isolated. Such vulnerabilities can be mitigated by implementing protection boundaries between web page elements. Several methods exist for creating such boundaries, but existing methods require relatively sophisticated knowledge of web technologies. To make protection mechanisms available to a wider audience, we propose a simple web page security policy language, ViSP, modelled on mechanisms for specifying page layout. Here we characterise ViSP and describe a simple Firefox-based prototype that allows interactive, graphical specification of per-page security policies. We also show how these tools can be used to protect against cross-site scripting (XSS) attacks on common web applications.