Team for Research in
Ubiquitous Secure Technology

Fine-Grained Privilege Separation for Web Applications
Adrian Mettler, David Wagner, Akshay Krishnamurthy

Citation
Adrian Mettler, David Wagner, Akshay Krishnamurthy. "Fine-Grained Privilege Separation for Web Applications". World Wide Web Conference, IW3C2, April, 2010.

Abstract
We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. In our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an object-capability language and providing interfaces that expose limited, explicitly-specified privileges to application components. This approach restricts what each component of the application can do and quarantines buggy or compromised code. It also provides a way to more safely integrate third-party, less-trusted code into a web application. We have implemented a prototype of this model based upon the Java Servlet framework and used it to build a webmail application. Our experience with this example suggests that the approach is viable and helpful at establishing reviewable application-specific security properties.

Citation formats
  • HTML
    Adrian Mettler, David Wagner, Akshay Krishnamurthy. <a href="http://www.truststc.org/pubs/653.html">Fine-Grained Privilege Separation for Web Applications</a>, World Wide Web Conference, IW3C2, April, 2010.
  • Plain text
    Adrian Mettler, David Wagner, Akshay Krishnamurthy. "Fine-Grained Privilege Separation for Web Applications". World Wide Web Conference, IW3C2, April, 2010.
  • BibTeX
    @inproceedings{MettlerWagnerKrishnamurthy10_FineGrainedPrivilegeSeparationForWebApplications,
        author = {Adrian Mettler and David Wagner and Akshay
                  Krishnamurthy},
        title = {Fine-Grained Privilege Separation for Web
                  Applications},
        booktitle = {World Wide Web Conference},
        organization = {IW3C2},
        month = {April},
        year = {2010},
        abstract = {We present a programming model for building web
                  applications with security properties that can be
                  confidently verified during a security review. In
                  our model, applications are divided into isolated,
                  privilege-separated components, enabling rich
                  security policies to be enforced in a way that can
                  be checked by reviewers. In our model, the web
                  framework enforces privilege separation and
                  isolation of web applications by requiring the use
                  of an object-capability language and providing
                  interfaces that expose limited,
                  explicitly-specified privileges to application
                  components. This approach restricts what each
                  component of the application can do and
                  quarantines buggy or compromised code. It also
                  provides a way to more safely integrate
                  third-party, less-trusted code into a web
                  application. We have implemented a prototype of
                  this model based upon the Java Servlet framework
                  and used it to build a webmail application. Our
                  experience with this example suggests that the
                  approach is viable and helpful at establishing
                  reviewable application-specific security
                  properties.},
        URL = {http://www.truststc.org/pubs/653.html}
    }

Posted by Adrian Mettler on 19 Feb 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.