USS
2008

Securing Frame Communication in Browsers

Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient isolation primitives because most browsers let framed content manipulate other frames through navigation. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also hinders communication between cooperating frames. We analyze two techniques for inter-frame communication. The first method, fragment identifier messaging, provides confidentiality without authentication, which we repair using concepts from a well-known network protocol. The second method, postMessage, provides authentication, but we discover an attack that breaches confidentiality. We modify the postMessage API to provide confidentiality and see our modifications standardized and adopte...
Adam Barth, Collin Jackson, John C. Mitchell
Added: 02 Oct 2010
Updated: 02 Oct 2010
Type: Conference
Year: 2008
Where: USS
Authors: Adam Barth, Collin Jackson, John C. Mitchell