Contego: Capability-based access control for web browsers (Short paper)

Tongbo Luo, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

7 Scopus citations


Over the last two decades, the Web has significantly transformed our lives. Along with the increased activities on the Web come the attacks. A recent report shows that 83% of web sites have had at least one serious vulnerability. As the Web becomes more and more sophisticated, the number of vulnerable sites is unlikely to decrease. A fundamental cause of these vulnerabilities is the inadequacy of the browser's access control model in dealing with the features in today's Web. We need better access control models for browsers. Today's web pages behave more and more like a system, with dynamic elements interacting with one another within each web page. A well-designed access control model is needed to mediate these interactions to ensure security. The capability-based access control model has many properties that are desirable for the Web. This paper designs a capability-based access control model for web browsers. We demonstrate how such a model can be beneficial to the Web, and how common vulnerabilities can be easily prevented using this model. We have implemented this model in the Google Chrome browser.

Original languageEnglish (US)
Title of host publicationTrust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings
PublisherSpringer Verlag
Number of pages8
ISBN (Print)9783642215988
StatePublished - 2011
Externally publishedYes

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6740 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Contego: Capability-based access control for web browsers (Short paper)'. Together they form a unique fingerprint.

Cite this