We investigate non-interference (secure information flow) policies for web browsers, replacing or complementing the Same Origin Policy. First, we adapt a recently proposed dynamic information flow enforcement mechanism to support asynchronous I/O. We prove detailed security and precision results for this enforcement mechanism, and implement it for the Featherweight Firefox browser model. Second, we investigate three useful web browser security policies that can be enforced by our mechanism, and demonstrate their value and limitations.
|Title of host publication||Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011|
|Number of pages||8|
|Publication status||Published - 17 Nov 2011|
|Event||2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy|
Duration: 6 Sep 2011 → 8 Sep 2011
|Conference||2011 5th International Conference on Network and System Security, NSS 2011|
|Period||6/09/11 → 8/09/11|