Protecting Private Web Content from Embedded Scripts

10 years 1 months ago
Protecting Private Web Content from Embedded Scripts
Many web pages display personal information provided by users. The goal of this work is to protect that content from untrusted scripts that are embedded in host pages. We present a browser modification that provides fine-grained control over what parts of a document are visible to different scripts, and executes untrusted scripts in isolated environments where private information is not accessible. To ease deployment, we present a method for automatically inferring what nodes in a web page contain private content. This paper describes how we modify the Chromium browser to enforce newly defined security policies, presents our automatic policy generation method, and reports on experiments inferring and enforcing privacy policies for a variety of web applications.
Yuchen Zhou, David Evans
Added 20 Dec 2011
Updated 20 Dec 2011
Type Journal
Year 2011
Authors Yuchen Zhou, David Evans
Comments (0)