Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja. © 2013 Springer-Verlag.
CITATION STYLE
Ter Louw, M., Phung, P. H., Krishnamurti, R., & Venkatakrishnan, V. N. (2013). SafeScript: JavaScript transformation for policy enforcement. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8208 LNCS, pp. 67–83). Springer Verlag. https://doi.org/10.1007/978-3-642-41488-6_5
Mendeley helps you to discover research relevant for your work.