Contego: Capability-based access control for web browsers (Short paper)

Tongbo Luo, Wenliang Du

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Over the last two decades, the Web has significantly transformed our lives. Along with the increased activities on the Web come the attacks. A recent report shows that 83% of web sites have had at least one serious vulnerability. As the Web becomes more and more sophisticated, the number of vulnerable sites is unlikely to decrease. A fundamental cause of these vulnerabilities is the inadequacy of the browser's access control model in dealing with the features in today's Web. We need better access control models for browsers. Today's web pages behave more and more like a system, with dynamic elements interacting with one another within each web page. A well-designed access control model is needed to mediate these interactions to ensure security. The capability-based access control model has many properties that are desirable for the Web. This paper designs a capability-based access control model for web browsers. We demonstrate how such a model can be beneficial to the Web, and how common vulnerabilities can be easily prevented using this model. We have implemented this model in the Google Chrome browser.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 231-238
Number of pages: 8
Volume: 6740 LNCS
State: Published - 2011
Event: 4th International Conference on Trust and Trustworthy Computing, TRUST 2011 - Pittsburgh, PA, United States
Duration: Jun 22 2011 to Jun 24 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6740 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 4th International Conference on Trust and Trustworthy Computing, TRUST 2011
Country: United States
City: Pittsburgh, PA
Period: 6/22/11 to 6/24/11

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Luo, T., & Du, W. (2011). Contego: Capability-based access control for web browsers (Short paper). In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6740 LNCS, pp. 231-238). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6740 LNCS). https://doi.org/10.1007/978-3-642-21599-5-17