A Data Flow Tracker and Reference Monitor for WebKit and JavaScriptCore

Author

Andrew Bloomgarden, Dartmouth College

Date of Award

5-30-2012

Document Type

Thesis (Undergraduate)

Department or Program

Department of Computer Science

First Advisor

Sergey Bratus

Second Advisor

Sean W. Smith

Abstract

Browser security revolves around the same-origin policy, but it does not defend against all attacks as evidenced by the prevalence of cross-site scripting attacks. Rather than solve that attack in particular, I have opted for a more general solution. I have modified WebKit to allow data flow tracking via labels and to allow security-sensitive operations to be allowed or denied from JavaScript.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2014-750.

Recommended Citation

Bloomgarden, Andrew, "A Data Flow Tracker and Reference Monitor for WebKit and JavaScriptCore" (2012). Dartmouth College Undergraduate Theses. 88.
https://digitalcommons.dartmouth.edu/senior_theses/88