Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2009
IEEE
2009
IEEE
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in 2007. The main underlying reason for XSS vulnerabilities is that web markup and client-side languages do not provide principled mechanisms to ensure secure, ground-up isolation of user-generated data in web application code. In this paper, we develop a new approach that combines randomization of web application code and runtime tracking of untrusted data both on the server and the browser to combat XSS attacks. Our technique ensures a fundamental integrity property that prevents untrusted data from altering the structure of trusted code throughout the execution lifetime of the web application. We call this property document structure integrity (or DSI). Similar to prepared statements in SQL, DSI enforcement ensures automatic syntactic isolation of inline usergenerated data at the parser-level. This forms the basis for confinement of untrusted data in the web browser based on a server-specified p...
Real-time Traffic| Added | 21 May 2010 |
| Updated | 21 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | NDSS |
| Authors | Yacin Nadji, Prateek Saxena, Dawn Song |
Comments (0)
Researcher Info
|
