The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO, "Information-Flow-Based Access Control for Web Browsers" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 836-850, May 2009, doi: 10.1587/transinf.E92.D.836.
Abstract: The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.836/_p
@ARTICLE{e92-d_5_836,
author={Sachiko YOSHIHAMA and Takaaki TATEISHI and Naoshi TABUCHI and Tsutomu MATSUMOTO},
journal={IEICE TRANSACTIONS on Information},
title={Information-Flow-Based Access Control for Web Browsers},
year={2009},
volume={E92-D},
number={5},
pages={836-850},
abstract={The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.},
keywords={},
doi={10.1587/transinf.E92.D.836},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - Information-Flow-Based Access Control for Web Browsers
T2 - IEICE TRANSACTIONS on Information
SP - 836
EP - 850
AU - Sachiko YOSHIHAMA
AU - Takaaki TATEISHI
AU - Naoshi TABUCHI
AU - Tsutomu MATSUMOTO
PY - 2009
DO - 10.1587/transinf.E92.D.836
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2009
AB - The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
ER -