Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSYS
2009
ACM
2009
ACM
Privacy-preserving browser-side scripting with BFlow
Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users’ confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality. BFlow allows untrusted JavaScript to compute with, render, and store confidential data, while preventing leaks of that data. BFlow tracks confidential data as it flows within the browser, between scripts on a page and between scripts and web servers. Using these observations and assistance from participating web servers, BFlow prevents scripts that have seen confidential data from leaking it, all without disrupting the JavaScript communication techniques used in complex web...
Real-time TrafficBrowser Reference Monitor | Browser Scripts | EUROSYS 2009 | Party Javascript Extensions | System Software |
| Added | 10 Mar 2010 |
| Updated | 10 Mar 2010 |
| Type | Conference |
| Year | 2009 |
| Where | EUROSYS |
| Authors | Alexander Yip, Neha Narula, Maxwell N. Krohn, Robert Morris |
Comments (0)
Researcher Info
|
