Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Workshop Organizers
  • Technical Sessions
  • Hotel & Travel Information
  • Sponsors
  • For Participants
  • Call for Papers
  • Past Workshops

sponsors

Bronze Sponsor
Bronze Sponsor
Bronze Sponsor

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Toward Principled Browser Security
Tweet

connect with us

http://www.twitter.com/usenix
https://www.facebook.com/usenixassociation
https://plus.google.com/108588319090208187909/posts
http://www.linkedin.com/groups?home=&gid=49559
http://www.youtube.com/user/USENIXAssociation

Toward Principled Browser Security

Authors: 

Edward Yang, Deian Stefan, John Mitchell, and David Mazières, Stanford University; Petr Marchenko and Brad Karp, University College London

Abstract: 

To ensure the confidentiality and integrity of web content, modern web browsers enforce isolation between content and scripts from different domains with the same-origin policy (SOP). However, many web applications require cross-origin sharing of code and data. This conflict between isolation and sharing has led to an ad hoc implementation of the SOP that has proven vulnerable to such attacks as cross-site scripting, cross-site request forgery, and browser privacy leaks. In this paper, we argue that information flow control (IFC) not only subsumes the same-origin policy but is also more flexible and sound. IFC not only provides stronger confidentiality and integrity for today’s web sites, but also better supports complex sites such as mashups, which are notoriously difficult to implement securely under the SOP.

Edward Yang, Stanford University

Deian Stefan, Stanford University

John Mitchell, Stanford University

David Mazières, Stanford University

Petr Marchenko, University College London

Brad Karp, University College London

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {181959,
author = {Edward Yang and Deian Stefan and John Mitchell and David Mazi{\`e}res and Petr Marchenko and Brad Karp},
title = {Toward Principled Browser Security},
booktitle = {14th Workshop on Hot Topics in Operating Systems (HotOS XIV)},
year = {2013},
address = {Santa Ana Pueblo, NM},
url = {https://www.usenix.org/conference/hotos13/session/yang},
publisher = {USENIX Association},
month = may,
}
Download
Yang PDF
  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us