2013
DOI: 10.1007/978-3-642-40203-6_41
|View full text |Cite
|
Sign up to set email alerts
|

Data-Confined HTML5 Applications

Abstract: Rich client-side applications written in HTML5 proliferate diverse platforms such as mobile devices, commodity PCs, and the web platform. These client-side HTML5 applications are increasingly accessing sensitive data, including users' personal and social data, sensor data, and capability-bearing tokens. To fulfill their security and privacy guarantees, these applications need to maintain certain data-confinement invariants. These invariants are not explicitly stated in today's HTML5 applications and are enforc… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
11
0

Year Published

2013
2013
2024
2024

Publication Types

Select...
4
3
2

Relationship

1
8

Authors

Journals

citations
Cited by 23 publications
(11 citation statements)
references
References 27 publications
0
11
0
Order By: Relevance
“…Mozilla Persona, formerly known as BrowserID, is another single sign-on system that uses email addresses as unique identifiers instead of URIs as done in WebID or OpenID [5]. To prove ownership of an email address, an identity provider issues an X.509 certificate to a trusted user.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…Mozilla Persona, formerly known as BrowserID, is another single sign-on system that uses email addresses as unique identifiers instead of URIs as done in WebID or OpenID [5]. To prove ownership of an email address, an identity provider issues an X.509 certificate to a trusted user.…”
Section: Related Workmentioning
confidence: 99%
“…Section 4). The hybrid generation mode relies on native support by the Web browsers, which is not provided or planned to provide by all Web browser vendors 5 .…”
Section: Characteristics Of Generation Modesmentioning
confidence: 99%
“…Platform production systems are cloud PaaS (Platform as a Service) similar to the type you need to install a separate SDK without using a Web browser, anytime, anywhere, and you can use the authoring interface platform. Interface creation tools are based on the development of HTML5 [11,12]. Figure 5 shows the interface structure of the platform for production systems.…”
Section: Platform Based On Cloud Of Customized Interfacementioning
confidence: 99%
“…A second channel is to leak decrypted content via the clientside code. Defenses to prevent client-side data exfiltration have recently been proposed using features in HTML5 such as temporary origins [12]. We assume that with the help of the trusted authentication and key server, we can privilege separate the decryption and data export channels in a secure origin on the client-side.…”
Section: Threat Modelmentioning
confidence: 99%