Information-Flow-Based Access Control for Web Browsers
Summary :
The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
- Publication
- IEICE TRANSACTIONS on Information Vol.E92-D No.5 pp.836-850
- Publication Date
- 2009/05/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.E92.D.836
- Type of Manuscript
- Special Section PAPER (Special Section on Information and Communication System Security)
- Category
- Authentication and Authorization Techniques
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO, "Information-Flow-Based Access Control for Web Browsers" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 836-850, May 2009, doi: 10.1587/transinf.E92.D.836.
Abstract: The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.836/_p
Copy
@ARTICLE{e92-d_5_836,
author={Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO, },
journal={IEICE TRANSACTIONS on Information},
title={Information-Flow-Based Access Control for Web Browsers},
year={2009},
volume={E92-D},
number={5},
pages={836-850},
abstract={The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.},
keywords={},
doi={10.1587/transinf.E92.D.836},
ISSN={1745-1361},
month={May},}
Copy
TY - JOUR
TI - Information-Flow-Based Access Control for Web Browsers
T2 - IEICE TRANSACTIONS on Information
SP - 836
EP - 850
AU - Sachiko YOSHIHAMA
AU - Takaaki TATEISHI
AU - Naoshi TABUCHI
AU - Tsutomu MATSUMOTO
PY - 2009
DO - 10.1587/transinf.E92.D.836
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2009
AB - The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
ER -
English
