Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
ESCUDO: A Fine-Grained Protection Model for Web Browsers
ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Protecting private web content from embedded scripts
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
SCUTA: a server-side access control system for web applications
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
| Hi-index | 0.00 |
Web is playing a more and more important role in our daily life. Large volume of personal and business communications are taking place via Web everyday. Due to its importance and its vulnerabilities from the early design, the Web has become a preferred target of attacks. After discussing the causes and effects of vulnerabilities, we then present that the current access control system of the web is the root cause for these problems. As a part of the efforts to develop a fine-grained access control system in a Web application, we focus on the dynamic scoping for browser based access control. Instead of using static scope to isolate the client code from the trusted web application, dynamic scoping is utilized to identify different patties in a Web page. Such an improvement will allow the client and trusted web application share common libraries, while still get executed at different trust levels.