2016
DOI: 10.1515/popets-2016-0014

Beeswax: a platform for private web apps

Abstract: Even if a web-based messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What if a variety of applications offered confidentiality? How would a user gain trust in all of them? In this paper we argue that a platform for private web applications is the only practical way for users to gain assurance about the confidentiality claims of a large number of full-featured web-services. We introduce Beeswax, a client-side …

Cited by 6 publications (5 citation statements)
References 8 publications

“…Still, the motivation for both differ significantly: while iframes were introduced to allow the secure integration of content from different websites, shadow roots were introduced to allow component-based web development similar to, for example, using components in the .net framework. The limitations of shadow roots to ensure the privacy of data processed by web applications have already been discussed by Légaré et al [16] and Freyberger et al [11].…”
Section: Related Work | mentioning
confidence: 99%
“…Our work highlights significant UI vulnerabilities in ShadowCrypt. Even though ShadowCrypt has not witnessed widespread deployment, we believe it is critical to understand the security of such mechanisms, which could influence the design of ongoing research systems [7,13,17,19,[28][29][30]36] and future technologies. Our work demonstrates that it is important for any system that aims to secure browser-based I/O (even beyond ShadowCrypt) to explicitly consider UI attacks in its threat model.…”
Section: Contributions | mentioning
confidence: 99%
“…Légaré et al propose a solution that relies on the implementation details of Chrome browser to prevent UI attacks [29]. The platform developed by Légaré et al, BeesWax, uses the small 4px square that is dedicated to each Chrome extension to display to the user whether or not the in-focus input node is secure.…”
Section: Related Work | mentioning
confidence: 99%
“…This must be customized for each web application, and was only demonstrated for Google Docs. Similarly, Beeswax requires tight cooperation between application developers and the security platform [22]. Developers must indicate which DOM elements should be kept private and which users can share the contents of those elements, and then the platform provides cryptographic operations and key management.…”
Section: Other Approaches | mentioning
confidence: 99%
“…This approach is not common, but there have been a few standalone websites that provide PGP encryption. 22 Standalone Application. A standalone application is the traditional strategy for implementing content-based encryption.…”
Section: Acknowledgment | mentioning
confidence: 99%