Title :
KUBERA: A security model for Web Applications
Author :
Wang, Qiang ; Qin, Zhiguang
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Web Applications have changed significantly since the World Wide Web was introduced, facing a shift in web content from simple hyperlinked documents to active programs. However, the prevailing web protection model, the same origin policy, is an imperfect approach to identify web applications and govern their behavior. As a result, web applications have become attractive targets of exploitation, especially web plug-ins. In this paper, we present KUBERA, a new web browser security model that adapts lessons from OS to make the browser a more suitable platform for web applications. Using system call interposition, KUBERA is responsible for uniformly specifying and enforcing security policies on not just HTML and JavaScript, but plug-in media and browser extensions as well. We describe our implementation of a prototype of KUBERA, and illustrate how browsers can use KUBERA for securing their resources.
Keywords :
Internet; Java; document handling; hypermedia markup languages; online front-ends; operating systems (computers); security of data; HTML; JavaScript; KUBERA; OS; Web applications; Web browser security model; Web content; Web plug-ins; Web protection model; World Wide Web; browser extensions; hyperlinked documents; plug-in media; security policy; system call interposition; Browsers; Educational institutions; Fires; Motion pictures; Navigation;
Conference_Titel :
Communications, Circuits and Systems (ICCCAS), 2010 International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-8224-5
DOI :
10.1109/ICCCAS.2010.5581993
