2007
DOI: 10.1145/1323293.1294263

Protection and communication abstractions for web browsers in MashupOS

Abstract: Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "Web 2.0" applications (or mashups) offer rich services, rivaling those of desktop PCs. However, the protection and communication abstractions offered by today's browsers remain suitable only for a single-principal system: either no trust through complete isolatio…

Cited by 39 publications (51 citation statements)
References 12 publications
“…Similarly, Caja [3] and ADsafe [31] use a safe subset of JavaScript, and they eliminate dangerous DOM APIs such as eval and document.write, which could allow advertisements to take control of the entire webpage. Several works focus on sandbox components in mashups [46,52]. A representative work of the holistic approach is the Escudo work [37]: Escudo proposes a ring-based access control model for web browsers.…”
Section: Related Work (mentioning)
confidence: 99%
“…Mash-IF [17] uses an IFC approach, associating each domain's JavaScript objects with security labels, and using a modified browser to track taint and enforce disclosure policies. OMash [7], object views [18], Embassies [13], and MashupOS [34] provide additional models for expressing cross-domain security policies.…”
Section: Related Work (mentioning)
confidence: 99%
“…In summary, web browsers are based on Same Origin Policy (SOP) in which cookies are selectively sent to a web server based on its domain or sub-domain [17]. RFC 2965 [18] provides information on how cookies should be selectively sent to a web server and what modifications to cookies are not encouraged from end users.…”
Section: Figure 6 Session Data Size (Cookies and Hidden Input Elemen… (mentioning)
confidence: 99%