KUBERA: A Security Model for Web Applications
(0) Web Applications have changed significantly since the World Wide Web was introduced, facing a shift in web content from simple hyperlinked documents to active programs. However, the prevailing web protection model, the same origin policy, is an imperfect approach to identify web applications and govern their behavior. As a result, web applications have become attractive targets of exploitation, especially web plug-ins. In this paper, we present KUBERA, a new web browser security model that adapts lessons from OS to make the browser a more suitable platform for web applications. Using system call interposition, KUBERA is responsible for uniformly specifying and enforcing security policies on not just HTML and JavaScript, but plug-in media and browser extensions as well. We describe our implementation of a prototype of KUBERA, and illustrate how browsers can use KUBERA for securing their resources.
Qiang Wang Zhiguang Qin
School of Computer Science and Engineering University of Electronic Science and Technology of China, Chengdu, China
国际会议
2010 International Conference on Communications,Circuits and Systems(2010年通信、电路与系统国际会议)
成都
英文
274-277
2010-06-28(万方平台首次上网日期,不代表论文的发表时间)