Sökning: onr:"swepub:oai:gup.ub.gu.se/220407" >
Between Worlds: Sec...
Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content
-
- Phung, Phu, 1979 (författare)
- Gothenburg University,Göteborgs universitet,Institutionen för data- och informationsteknik (GU),Department of Computer Science and Engineering (GU),University of Gothenburg
-
- Monshizadeh, M. (författare)
- University of Illinois,The University of North Carolina at Charlotte
-
Sridhar, M. (författare)
-
visa fler...
-
- Hamlen, K. W. (författare)
- University of Texas at Dallas
-
- Venkatakrishnan, V. N. (författare)
- University of Illinois
-
visa färre...
-
(creator_code:org_t)
- Institute of Electrical and Electronics Engineers (IEEE), 2015
- 2015
- Engelska.
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - : Institute of Electrical and Electronics Engineers (IEEE). - 1545-5971 .- 1941-0018. ; 12:4, s. 443-457
- Relaterad länk:
-
https://doi.org/10.1...
-
visa fler...
-
http://dx.doi.org/10...
-
https://gup.ub.gu.se...
-
https://doi.org/10.1...
-
https://research.cha...
-
visa färre...
Abstract
Ämnesord
Stäng
- Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually. Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these web platforms.
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
- NATURVETENSKAP -- Data- och informationsvetenskap -- Datorteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Engineering (hsv//eng)
Nyckelord
- Access controls
- ActionScript
- Flash
- in-lined reference monitors
- JavaScript
- online advertising
- in-lined reference monitors
Publikations- och innehållstyp
- ref (ämneskategori)
- art (ämneskategori)
Hitta via bibliotek
Till lärosätets databas