End-to-End Web Application Security

Web applications are important, ubiquitous distributed systems whose current security relies primarily on server-side mechanisms. This paper makes the end-to-end argument that the client and server must collaborate to achieve security goals, to eliminate common security exploits, and to secure the emerging class of rich, cross-domain Web applications referred to as Web 2.0. In order to support end-to-end security, Web clients must be enhanced. We introduce Mutation-Event Transforms: an easy-to-use client-side mechanism that can enforce even fine-grained, application-specific security policies, and whose implementation requires only straightforward changes to existing Web browsers. We give numerous examples of attractive, new security policies that demonstrate the advantages of end-to-end Web application security and of our proposed mechanism.
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2007
Authors Úlfar Erlingsson, V. Benjamin Livshits, Yinglian Xie