You are in : Home » Results & submissions » Select UOA » 11 - Computer Science and Informatics » View submission: Imperial College London » Outputs » Detail

Output details

11 - Computer Science and Informatics

Imperial College London

Return to search Previous output Next output

Output 125 of 201 in the submission

Output title

Object Capabilities and Isolation of Untrusted Web Applications

Type

E - Conference contribution

DOI

10.1109/SP.2010.16

Name of conference/published proceedings

Symposium on Security and Privacy

Volume number

Issue number

First page of article

125

ISSN of proceedings

1081-6011

Year of publication

2010

URL

Number of additional authors

Additional information

<19>Acceptance: 11%/237.

This paper proposes a technique for building secure web pages using components loaded from domains enjoying different levels of trust (web mashups).

The idea is to constrain components to access resources using unforgeable permissions (capabilities) distributed by the page owner. Components with disjoint capabilities cannot interfere with each other.

We validated our approach by showing that the Google subset of JavaScript is safe and by discovering violations of the isolation policy for Facebook applications.

Coauthor Taly obtained Google internship and now works in Google Security group, which Maffeis visited May'13.

Interdisciplinary

Cross-referral requested

Research group

E - Programming Languages and Systems

Citation count

Proposed double-weighted

Double-weighted statement

Reserve for a double-weighted output

Non-English

English abstract