Sciweavers

EUROSYS
2010
ACM

Residue objects: a challenge to web browser security

14 years 5 months ago
Residue objects: a challenge to web browser security
A complex software system typically has a large number of objects in the memory, holding references to each other to implement an object model. Deciding when the objects should be alive/active is non-trivial, but the decisions can be security-critical. This is especially true for web browsers: if certain browser objects do not disappear when the new page is switched in, basic security properties can be compromised, such as visual integrity, document integrity and memory safety. We refer to these browser objects as residue objects. Serious security vulnerabilities due to residue objects have been sporadically discovered in leading browser products in the past, such as IE, Firefox and Safari. However, this class of vulnerabilities has not been studied in the research literature. Our work is motivated by two questions: (1) what are the challenges imposed by residue objects on the browser’s logic correctness; (2) how prevalent can these vulnerabilities be in today’s commodity browsers...
Shuo Chen, Hong Chen, Manuel Caballero
Added 10 Jul 2010
Updated 10 Jul 2010
Type Conference
Year 2010
Where EUROSYS
Authors Shuo Chen, Hong Chen, Manuel Caballero
Comments (0)