By Topic

Secure Web scripting

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Anupam, V. ; Lucent Lab., AT&T Bell Labs., Murray Hill, NJ, USA ; Mayer, A.

Current Web scripting languages lack an explicit security model. The model proposed in the article has been implemented for JavaScript in the Mozilla browser source code; it is realized by a “safe” interpreter and based on three basic building blocks: access control, to regulate what data a script can access on a user's machine and in what mode; independence of contexts, to ensure that two scripts executing in different contexts (for example, simultaneously in different browser windows or sequentially in the same browser window) cannot access each other's data at will; and trust management, to regulate how trust is established and terminated among scripts executing simultaneously in different contexts. We also advocate a clear separation between a security policy and an implementation. Different users require different degrees of privacy and security, which translate to different degrees of flexibility when interacting with a Web server; these differences can be expressed in different security policies. A sound implementation, however, should be universally applicable. These are principles that first appeared decades ago in work on secure operating systems

Published in:

Internet Computing, IEEE  (Volume:2 ,  Issue: 6 )