The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
L'émergence des technologies Web 2.0 telles qu'Ajax et Mashup a révélé la faiblesse de la politique de même origine [1], la norme de facto actuelle pour le modèle de sécurité des navigateurs Web. Nous proposons un nouveau modèle de sécurité du navigateur pour permettre un contrôle d'accès précis dans les applications Web côté client pour des mashups sécurisés et des contenus générés par l'utilisateur. Nous proposons un modèle de sécurité du navigateur basé sur le contrôle d'accès basé sur le flux d'informations (IBAC) pour surmonter la nature dynamique des applications Web côté client et pour déterminer avec précision le privilège des scripts dans le modèle de programmation événementielle.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO, "Information-Flow-Based Access Control for Web Browsers" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 836-850, May 2009, doi: 10.1587/transinf.E92.D.836.
Abstract: The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.836/_p
Copier
@ARTICLE{e92-d_5_836,
author={Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO, },
journal={IEICE TRANSACTIONS on Information},
title={Information-Flow-Based Access Control for Web Browsers},
year={2009},
volume={E92-D},
number={5},
pages={836-850},
abstract={The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.},
keywords={},
doi={10.1587/transinf.E92.D.836},
ISSN={1745-1361},
month={May},}
Copier
TY - JOUR
TI - Information-Flow-Based Access Control for Web Browsers
T2 - IEICE TRANSACTIONS on Information
SP - 836
EP - 850
AU - Sachiko YOSHIHAMA
AU - Takaaki TATEISHI
AU - Naoshi TABUCHI
AU - Tsutomu MATSUMOTO
PY - 2009
DO - 10.1587/transinf.E92.D.836
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E92-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2009
AB - The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy [1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
ER -