Sciweavers

Share
WWW
2010
ACM

Alhambra: a system for creating, enforcing, and testing browser security policies

12 years 9 months ago
Alhambra: a system for creating, enforcing, and testing browser security policies
Alhambra is a browser-based system designed to enforce and test web browser security policies. At the core of Alhambra is a policyenhanced browser supporting fine-grain security policies that restrict web page contents and execution. Alhambra requires no server-side modifications or additions to the web application. Policies can restrict the construction of the document as well as the execution of JavaScript using access control rules and a taint-tracking engine. Using the Alhambra browser, we present two security policies that we have built using our architecture, both designed to prevent cross-site scripting. The first policy uses a taint-tracking engine to prevent cross-site scripting attacks that exploit bugs in the client-side of the web applications. The second one uses browsing history to create policies that restrict the contents of documents and prevent the inclusion of malicious content. Using Alhambra we analyze the impact of policies on the compatibility of web pages. T...
Shuo Tang, Chris Grier, Onur Aciiçmez, Samu
Added 13 May 2010
Updated 13 May 2010
Type Conference
Year 2010
Where WWW
Authors Shuo Tang, Chris Grier, Onur Aciiçmez, Samuel T. King
Comments (0)
books