Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2010
IEEE
2010
IEEE
FIRM: capability-based inline mediation of Flash behaviors
The wide use of Flash technologies makes the security risks posed by Flash content an increasingly serious issue. Such risks cannot be effectively addressed by the Flash player, which either completely blocks Flash content's access to web resources or grants it unconstrained access. Efforts to mitigate this threat have to face the practical challenges that Adobe Flash player is closed source, and any changes to it need to be distributed to a large number of web clients. We demonstrate in this paper, however, that it is completely feasible to avoid these hurdles while still achieving fine-grained control of the interactions between Flash content and its hosting page. Our solution is FIRM, a system that embeds an inline reference monitor (IRM) within the web page hosting Flash content. The IRM effectively mediates the interactions between the content and DOM objects, and those between different Flash applications, using the capability tokens assigned by the web designer. FIRM can e...
Real-time TrafficACSAC 2010 | Flash | Flash Content | Flash Player | Security Privacy |
| Added | 10 Feb 2011 |
| Updated | 10 Feb 2011 |
| Type | Journal |
| Year | 2010 |
| Where | ACSAC |
| Authors | Zhou Li, XiaoFeng Wang |
Comments (0)
Researcher Info
|
