Fine-Grained Privilege Separation for Web Applications
Adrian Mettler, David Wagner, Akshay Krishnamurthy

Citation
Adrian Mettler, David Wagner, Akshay Krishnamurthy. "Fine-Grained Privilege Separation for Web Applications". World Wide Web Conference, IW3C2, April, 2010.

Abstract
We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. In our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an object-capability language and providing interfaces that expose limited, explicitly-specified privileges to application components. This approach restricts what each component of the application can do and quarantines buggy or compromised code. It also provides a way to more safely integrate third-party, less-trusted code into a web application. We have implemented a prototype of this model based upon the Java Servlet framework and used it to build a webmail application. Our experience with this example suggests that the approach is viable and helpful at establishing reviewable application-specific security properties.

Citation formats  
  • HTML
    Adrian Mettler, David Wagner, Akshay Krishnamurthy. <a
    href="http://www.truststc.org/pubs/653.html"
    >Fine-Grained Privilege Separation for Web
    Applications</a>, World Wide Web Conference, IW3C2,
    April, 2010.
  • Plain text
    Adrian Mettler, David Wagner, Akshay Krishnamurthy.
    "Fine-Grained Privilege Separation for Web
    Applications". World Wide Web Conference, IW3C2,
    April, 2010.
  • BibTeX
    @inproceedings{MettlerWagnerKrishnamurthy10_FineGrainedPrivilegeSeparationForWebApplications,
        author = {Adrian Mettler and David Wagner and Akshay
                  Krishnamurthy},
        title = {Fine-Grained Privilege Separation for Web
                  Applications},
        booktitle = {World Wide Web Conference},
        organization = {IW3C2},
        month = {April},
        year = {2010},
        abstract = {We present a programming model for building web
                  applications with security properties that can be
                  confidently verified during a security review. In
                  our model, applications are divided into isolated,
                  privilege-separated components, enabling rich
                  security policies to be enforced in a way that can
                  be checked by reviewers. In our model, the web
                  framework enforces privilege separation and
                  isolation of web applications by requiring the use
                  of an object-capability language and providing
                  interfaces that expose limited,
                  explicitly-specified privileges to application
                  components. This approach restricts what each
                  component of the application can do and
                  quarantines buggy or compromised code. It also
                  provides a way to more safely integrate
                  third-party, less-trusted code into a web
                  application. We have implemented a prototype of
                  this model based upon the Java Servlet framework
                  and used it to build a webmail application. Our
                  experience with this example suggests that the
                  approach is viable and helpful at establishing
                  reviewable application-specific security
                  properties. },
        URL = {http://www.truststc.org/pubs/653.html}
    }
    

Posted by Adrian Mettler on 19 Feb 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.
