Information-Flow-Based Access Control for Web Browsers

Sachiko YOSHIHAMA  Takaaki TATEISHI  Naoshi TABUCHI  Tsutomu MATSUMOTO 

Publication
IEICE TRANSACTIONS on Information and Systems  Vol.E92-D  No.5  pp.836-850
Publication Date: 2009/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Authentication and Authorization Techniques
Keyword: Web security, browser security, access control, information-flow control

Summary: 
The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in client-side Web applications for secure mashup and user-generated content. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.