Output details
11 - Computer Science and Informatics
Imperial College London
Object Capabilities and Isolation of Untrusted Web Applications
<19>Acceptance: 11%/237.
This paper proposes a technique for building secure web pages using components loaded from domains enjoying different levels of trust (web mashups).
The idea is to constrain components to access resources using unforgeable permissions (capabilities) distributed by the page owner. Components with disjoint capabilities cannot interfere with each other.
We validated our approach by showing that the Google subset of JavaScript is safe and by discovering violations of the isolation policy for Facebook applications.
Coauthor Taly obtained a Google internship and now works in the Google Security group, which Maffeis visited in May '13.