Page manager: Webbredaktion
Page updated: 2012-09-11 15:12

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content

Journal article
Authors Phu H. Phung
M. Monshizadeh
M. Sridhar
K. W. Hamlen
V. N. Venkatakrishnan
Published in IEEE Transactions on Dependable and Secure Computing
Volume 12
Issue 4
Pages 443-457
ISSN 1545-5971
Publication year 2015
Published at Institutionen för data- och informationsteknik (GU)
Language en
Links dx.doi.org/10.1109/tdsc.2014.235584...
Keywords Access controls, ActionScript, Flash, in-lined reference monitors, JavaScript, online advertising
Subject categories Computer Engineering, Software Engineering

Abstract

Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually. Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these web platforms.
