Protecting sensitive web content from client-side vulnerabilities with CRYPTONS | |
Dong, Xinshu ; Chen, Zhaofeng ; Siadati, Hossein ; Tople, Shruti ; Saxena, Prateek ; Liang, Zhenkai | |
2013 | |
英文摘要 | Web browsers isolate web origins, but do not provide direct abstractions to isolate sensitive data and control computation over it within the same origin. As a result, guaranteeing security of sensitive web content requires trusting all code in the browser and client-side applications to be vulnerability-free. In this paper, we propose a new abstraction, called Crypton, which supports intra-origin control over sensitive data throughout its life cycle. To securely enforce the semantics of Cryptons, we develop a standalone component called Crypton-Kernel, which extensively leverages the functionality of existing web browsers without relying on their large TCB. Our evaluation demonstrates that the Crypton abstraction supported by the Crypton-Kernel is widely applicable to popular real-world applications with millions of users, including webmail, chat, blog applications, and Alexa Top 50 websites, with low performance overhead. ? 2013 ACM.; EI; 0 |
语种 | 英语 |
DOI标识 | 10.1145/2508859.2516743 |
内容类型 | 其他 |
源URL | [http://ir.pku.edu.cn/handle/20.500.11897/407249] |
专题 | 信息科学技术学院 |
推荐引用方式 GB/T 7714 | Dong, Xinshu,Chen, Zhaofeng,Siadati, Hossein,et al. Protecting sensitive web content from client-side vulnerabilities with CRYPTONS. 2013-01-01. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论