Skip to main content
SpringerLink
Log in

Access Control in and Around the Browser

  • Conference paper
Information Security Practice and Experience (ISPEC 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8434))

  • 1775 Accesses

Abstract

We conduct an analysis of access control mechanisms in the browser and note that support for mashups and defences against cross-site scripting attacks are both moving from ad-hoc measures towards solutions where the browser enforces access control policies obtained from a host (CORS and CSP respectively). We also point out the degree of trust these solutions have to take for granted.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barth, A., Jackson, C., Mitchell, J.C.: Securing frame communication in browsers. Communications of the ACM 52(6), 83–91 (2009)

    Article  Google Scholar 

  2. Barth, A., Veditz, D., West, M.: Content security policy 1.1. W3C Working Draft (January 2014), http://www.w3.org/TR/CSP11/

  3. Gasser, M., Goldstein, A., Kaufman, C., Lampson, B.: The Digital distributed system security architecture. In: Proceedings of the 1989 National Computer Security Conference (1989)

    Google Scholar 

  4. Gollmann, D.: Computer Security, 3rd edn. John Wiley & Sons, Chichester (2011)

    Google Scholar 

  5. Hardy, N.: The confused deputy. Operating Systems Reviews 22(4), 36–38 (1988)

    Article  Google Scholar 

  6. Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)

    Article  Google Scholar 

  7. OASIS. eXtensible Access Control Markup Language (XACML) Version V3.0. Technical report, OASIS Standard (January 2013)

    Google Scholar 

  8. van Kesteren, A.: Cross-origin resource sharing. W3C Recommendation (January 2014), http://www.w3.org/TR/cors/

Download references

Author information

Authors and Affiliations

  1. Hamburg University of Technology, Germany

    Dieter Gollmann

Authors
  1. Dieter Gollmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Mathematics and Computer Science, Fujian Normal University, No. 32 Shangsan Road, 350007, Fuzhou, China

    Xinyi Huang

  2. Infocom Security Department, Institute for Infocomm Research, 1 Fusionopolis Way, #21-01 Connexis, South Tower, 138632, Singapore, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Gollmann, D. (2014). Access Control in and Around the Browser. In: Huang, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06320-1_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06319-5

  • Online ISBN: 978-3-319-06320-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation