Data-Confined HTML5 Applications
نویسندگان
چکیده
Rich client-side applications written in HTML5 proliferate on diverse platforms, access sensitive data, and need to maintain dataconfinement invariants. Applications currently enforce these invariants using implicit, ad-hoc mechanisms. We propose a new primitive called a data-confined sandbox or DCS. A DCS enables complete mediation of communication channels with a small TCB. Our primitive extends currently standardized primitives and has negligible performance overhead and a modest compatibility cost. We retrofit our design on four real-world HTML5 applications and demonstrate that a small amount of effort enables strong data-confinement guarantees.
منابع مشابه
The Future of Mobile E-health Application Development: Exploring HTML5 for Context-aware Diabetes Monitoring
According to predictions of information technology research and advisory firms, such as Gartner, hybrid HTML5 applications will be the future for mobile application development. In this paper, we explore the feasibility of using HTML5 and related web application standards for the development of mobile e-health applications, using a diabetes monitoring application as a practical use case. Contex...
متن کاملAn investigation into possible attacks on HTML5 IndexedDB and their prevention
over the past 20 years web browsers have changed considerably from being a simple text display to now supporting complex multimedia applications [1]. The client can now enjoy chatting, playing games and Internet banking. All these applications have something in common, they can be run on multiple platforms and in some cases they will run offline. With the introduction of HTML5 this evolution wi...
متن کاملVulnerability of Web-Storage in HTML5 for Web and Mobile Application
HTML5 is not a new version of the existing markup language, but a new paradigm for developing web and mobile applications where various new concepts are introduced to improve compatibility and usability. Web-Storage is the one of new features in HTML5 that enables effective client-side storage and retrieval of the frequently used data. However, it has significant security problems which need to...
متن کاملHTML 5 vs . Adobe Flash : From the End User
For NetApp products to be the best in the market, NetApp has to make the correct technology decisions to insure it leads in innovation. In this thesis, I focus on a product called NetApp Unified Manager, examining whether HTML5 satisfies its needs. I evaluate NetApp from a user's perspective using four criteria: data visualization and customization, platform, NetApp's special needs, and interop...
متن کامل