Tags:
Computer Science, Cryptography and Security, cs.CR
Abstract:
In the standard web browser programming model, third-party scripts included
in an application execute with the same privilege as the application's own
code. This leaves the application's confidential data vulnerable to theft and
leakage by malicious code and inadvertent bugs in the third-party scripts.
Security mechanisms in modern browsers (the same-origin policy, cross-origin
resource sharing and content security policies) are too coarse to suit this
programming model. All these mechanisms (and their extensions) describe whether
or not a script can access certain data, whereas the meaningful requirement is
to allow untrusted scripts access to confidential data that they need and to
prevent the scripts from leaking data on the side. Motivated by this gap, we
propose WebPol, a policy mechanism that allows a website developer to include
fine-grained policies on confidential application data in the familiar syntax
of the JavaScript programming language. The policies can be associated with any
webpage element, and specify what aspects of the element can be accessed by
which third-party domains. A script can access data that the policy allows it
to, but it cannot pass the data (or data derived from it) to other scripts or
remote hosts in contravention of the policy. To specify the policies, we expose
a small set of new native APIs in JavaScript. Our policies can be enforced
using any of the numerous existing proposals for information flow tracking in
web browsers. We have integrated our policies into one such proposal that we
use to evaluate performance overheads and to test our examples.