Date of Award

5-30-2012

Document Type

Thesis (Undergraduate)

Department

Department of Computer Science

First Advisor

Sergey Bratus

Second Advisor

Sean W. Smith

Abstract

Browser security revolves around the same-origin policy, but it does not defend against all attacks as evidenced by the prevalence of cross-site scripting attacks. Rather than solve that attack in particular, I have opted for a more general solution. I have modified WebKit to allow data flow tracking via labels and to allow security-sensitive operations to be allowed or denied from JavaScript.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2014-750.

Share

COinS