Poster: DIEGO: a fine-grained access control for web browsers

Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI:10.1145/2046707.2093494

Ashar Javed

{"title":"Poster: DIEGO: a fine-grained access control for web browsers","authors":"Ashar Javed","doi":"10.1145/2046707.2093494","DOIUrl":null,"url":null,"abstract":"Modern web applications combine content from several sources (with varying security characteristics), and incorporate significant portion of user-supplied contents to enrich browsing experience. However, the de facto web protection model, the same-origin policy (SOP), has not adequately evolved to manage the security consequences of this additional complexity. As a result, making web applications subject to a broad sphere of attacks (cross-site scripting, cross-site request forgery and others). The fundamental problem is the failure of access control. To solve this, in this work, we present DIEGO, a new fine-grained access control model for web browsers. Our overall design approach is to combine mandatory access-control (MAC) principles of operating system with tag pairing isolation technique in order to provide stealthy protection. To support backwards compatibility, DIEGO defaults to the same-origin policy (SOP) for web applications.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046707.2093494","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Modern web applications combine content from several sources (with varying security characteristics), and incorporate significant portion of user-supplied contents to enrich browsing experience. However, the de facto web protection model, the same-origin policy (SOP), has not adequately evolved to manage the security consequences of this additional complexity. As a result, making web applications subject to a broad sphere of attacks (cross-site scripting, cross-site request forgery and others). The fundamental problem is the failure of access control. To solve this, in this work, we present DIEGO, a new fine-grained access control model for web browsers. Our overall design approach is to combine mandatory access-control (MAC) principles of operating system with tag pairing isolation technique in order to provide stealthy protection. To support backwards compatibility, DIEGO defaults to the same-origin policy (SOP) for web applications.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

海报:DIEGO:一种针对web浏览器的细粒度访问控制

现代web应用程序将来自多个来源(具有不同的安全特性)的内容组合在一起，并合并了很大一部分用户提供的内容，以丰富浏览体验。然而，事实上的web保护模型，同源策略(SOP)，并没有充分发展到管理这种额外复杂性的安全后果。因此，使web应用程序受到广泛的攻击(跨站点脚本、跨站点请求伪造等)。根本的问题是访问控制的失败。为了解决这个问题，在这项工作中，我们提出了DIEGO，一个新的细粒度的web浏览器访问控制模型。我们的总体设计方法是将操作系统的强制访问控制(MAC)原理与标签配对隔离技术相结合，以提供隐形保护。为了支持向后兼容性，DIEGO默认为web应用程序使用同源策略(SOP)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security

CiteScore

9.20

自引率

0.00%

发文量