Sciweavers

CCS
2008
ACM

SOMA: mutual approval for included content in web pages

14 years 1 months ago
SOMA: mutual approval for included content in web pages
Unrestricted information flows are a key security weakness of current web design. Cross-site scripting, cross-site request forgery, and other attacks typically require that information be sent or retrieved from arbitrary, often malicious, web servers. In this paper we propose Same Origin Mutual Approval (SOMA), a new policy for controlling information flows that prevents common web vulnerabilities. By requiring site operators to specify approved external domains for sending or receiving information, and by requiring those external domains to also approve interactions, we prevent page content from being retrieved from malicious servers and sensitive information from being communicated to an attacker. SOMA is compatible with current web applications and is incrementally deployable, providing immediate benefits for clients and servers that implement it. SOMA has an overhead of one additional HTTP request per domain accessed and can be implemented with minimal effort by application and we...
Terri Oda, Glenn Wurster, Paul C. van Oorschot, An
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji
Comments (0)