MySecPol: A Client-Side Policy Language for Safe and Secure Browsing

Abstract

Web browsers handle content from different sources making them prone to various attacks. Currently, users rely either on web developers or on different browser extensions for protection against different attacks. In this paper, we propose a simple architecture for defining client-side policy using a policy language MySecPol. The client-side policy gives the users control over the content being served to them. Users can define their policy independent of the browser or the Operating System (OS). The policy is then realized by integrating it into the browser with appropriate mechanisms. The policy specification can combine various security mechanisms providing a robust protection. We describe an implementation of MySecPol as a Chromium extension. We also show how several of the existing approaches are captured as instances of MySecPol. We have further evaluated the system with real-world websites for testing soundness of the approach by checking the functionality of these sites relative to different policies. We have also compared our system with several related works.