Safe Wrappers and Sane Policies for Self Protecting JavaScript
Uloženo v:
| Název: | Safe Wrappers and Sane Policies for Self Protecting JavaScript |
|---|---|
| Autoři: | Jonas Magazinius, Phu H. Phung, David Sands |
| Přispěvatelé: | The Pennsylvania State University CiteSeerX Archives |
| Zdroj: | http://www.cse.chalmers.se/%7Edave/papers/SafeWrappers.pdf. |
| Sbírka: | CiteSeerX |
| Popis: | Phung et al (ASIACCS’09) describe a method for wrapping built-in methods of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies – i.e. policies upon which attacker code has no side effects. 1 |
| Druh dokumentu: | text |
| Popis souboru: | application/pdf |
| Jazyk: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.187.5469; http://www.cse.chalmers.se/%7Edave/papers/SafeWrappers.pdf |
| Dostupnost: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.187.5469 http://www.cse.chalmers.se/%7Edave/papers/SafeWrappers.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Přístupové číslo: | edsbas.5255D16B |
| Databáze: | BASE |
Nájsť tento článok vo Web of Science | Abstrakt: | Phung et al (ASIACCS’09) describe a method for wrapping built-in methods of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies – i.e. policies upon which attacker code has no side effects. 1 |
|---|