Title :
A resource management approach to web browser security
Author :
Li, Jun ; Yu, Dongting ; Maurer, Luke
Author_Institution :
Univ. of Oregon, Eugene, OR, USA
fDate :
Jan. 30 2012-Feb. 2 2012
Abstract :
While today´s web browsers support multiple principals (i.e., web frames with embedded JavaScript code, or plugins) from many different origins at the same time, they do not have a clear resource management model, and the loose control on resource access has led to various types of web-based attacks. In this paper, we present a resource management framework for web browsers that allows both users of a web browser and the owner of a web page to specify their resource access control policies - which are then enforced by the framework´s resource reference monitor. With our resource management framework, a web browser can become more secure, and we show that popular web attacks such as frame hijacking, cross-site request forgery, and DNS rebinding attacks, can all be addressed easily by deploying correct security policies. We also discuss how our resource management approach may be deployed and what a new paradigm it can bring to counter web-based attacks.
Keywords :
authorisation; online front-ends; DNS rebinding attacks; Web browser security; Web page; Web-based attacks; cross-site request forgery; frame hijacking; framework resource reference monitor; resource access control policies; resource management approach; Access control; Browsers; Computer crime; Monitoring; Navigation; Resource management; web browser security; web reference monitor; web resource access control; web security;
Conference_Titel :
Computing, Networking and Communications (ICNC), 2012 International Conference on
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4673-0008-7
Electronic_ISBN :
978-1-4673-0723-9
DOI :
10.1109/ICCNC.2012.6167512
