Adrian Mettler, David Wagner, Akshay Krishnamurthy
Citation
Adrian Mettler, David Wagner, Akshay Krishnamurthy. "Fine-Grained Privilege Separation for Web Applications". World Wide Web Confererence, IW3C2, April, 2010.
Abstract
We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. In
our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an object-capability language and providing interfaces that expose limited, explicitly-specified privileges to application components. This approach restricts what each component of the application can do and
quarantines buggy or compromised code. It also provides a way to more safely integrate third-party, less-trusted code into a web application. We have implemented a prototype of this model based upon the Java Servlet framework and used it to build a webmail application. Our experience with this example suggests that the approach
is viable and helpful at establishing reviewable application-specific security properties.
Electronic downloads
- http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf. (Copyright 2010 International World Wide Web Committee. Made available by the authors for personal or professional use.)
| Citation formats |
- HTML
Adrian Mettler, David Wagner, Akshay Krishnamurthy. <a href="http://www.truststc.org/pubs/653.html" >Fine-Grained Privilege Separation for Web Applications</a>, World Wide Web Confererence, IW3C2, April, 2010.
- Plain text
Adrian Mettler, David Wagner, Akshay Krishnamurthy. "Fine-Grained Privilege Separation for Web Applications". World Wide Web Confererence, IW3C2, April, 2010.
- BibTeX
@inproceedings{MettlerWagnerKrishnamurthy10_FineGrainedPrivilegeSeparationForWebApplications, author = {Adrian Mettler and David Wagner and Akshay Krishnamurthy}, title = {Fine-Grained Privilege Separation for Web Applications}, booktitle = {World Wide Web Confererence}, organization = {IW3C2}, month = {April}, year = {2010}, abstract = {We present a programming model for building web applications with security properties that can be confidently verified during a security review. In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. In our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an object-capability language and providing interfaces that expose limited, explicitly-specified privileges to application components. This approach restricts what each component of the application can do and quarantines buggy or compromised code. It also provides a way to more safely integrate third-party, less-trusted code into a web application. We have implemented a prototype of this model based upon the Java Servlet framework and used it to build a webmail application. Our experience with this example suggests that the approach is viable and helpful at establishing reviewable application-specific security properties. }, URL = {http://www.truststc.org/pubs/653.html} }
Posted by Adrian Mettler on 19 Feb 2010.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.