Sciweavers

Share
WWW
2010
ACM

Fine-grained privilege separation for web applications

11 years 6 months ago
Fine-grained privilege separation for web applications
We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. In our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an objectcapability language and providing interfaces that expose limited, explicitly-specified privileges to application components. This approach restricts what each component of the application can do and quarantines buggy or compromised code. It also provides a way to more safely integrate third-party, less-trusted code into a web application. We have implemented a prototype of this model based upon the Java Servlet framework and used it to build a webmail application. Our experience with this example suggests that the approach is viable and hel...
Akshay Krishnamurthy, Adrian Mettler, David Wagner
Added 14 May 2010
Updated 14 May 2010
Type Conference
Year 2010
Where WWW
Authors Akshay Krishnamurthy, Adrian Mettler, David Wagner
Comments (0)
books