• DocumentCode
    3528695
  • Title

    A resource management approach to web browser security

  • Author

    Li, Jun ; Yu, Dongting ; Maurer, Luke

  • Author_Institution
    Univ. of Oregon, Eugene, OR, USA
  • fYear
    2012
  • fDate
    Jan. 30 2012-Feb. 2 2012
  • Firstpage
    697
  • Lastpage
    701
  • Abstract
    While today's web browsers support multiple principals (i.e., web frames with embedded JavaScript code, or plugins) from many different origins at the same time, they do not have a clear resource management model, and the loose control on resource access has led to various types of web-based attacks. In this paper, we present a resource management framework for web browsers that allows both users of a web browser and the owner of a web page to specify their resource access control policies - which are then enforced by the framework's resource reference monitor. With our resource management framework, a web browser can become more secure, and we show that popular web attacks such as frame hijacking, cross-site request forgery, and DNS rebinding attacks, can all be addressed easily by deploying correct security policies. We also discuss how our resource management approach may be deployed and what a new paradigm it can bring to counter web-based attacks.
  • Keywords
    authorisation; online front-ends; DNS rebinding attacks; Web browser security; Web page; Web-based attacks; cross-site request forgery; frame hijacking; framework resource reference monitor; resource access control policies; resource management approach; Access control; Browsers; Computer crime; Monitoring; Navigation; Resource management; web browser security; web reference monitor; web resource access control; web security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computing, Networking and Communications (ICNC), 2012 International Conference on
  • Conference_Location
    Maui, HI
  • Print_ISBN
    978-1-4673-0008-7
  • Electronic_ISBN
    978-1-4673-0723-9
  • Type

    conf

  • DOI
    10.1109/ICCNC.2012.6167512
  • Filename
    6167512