UOFilter: A Whitelist-Based Filter for Unintended Objects in Web Pages

Abstract:

A web page often contains objects that the hosting web server intends a browser to render. Rendering those objects can trigger network requests to foreign origins. Although the same-origin policy (SOP) restricts what foreign objects can access, web attackers can circumvent SOP controls by injecting unintended objects that smuggle out sensitive data. In this paper, we propose UOFilter, a whitelist-based method to filter out unintended objects in web pages. We define a list item structure that describes intended objects, with optional integrity guarantees. The UOFilter in a web browser interprets these items and blocks the network requests issued by unintended objects. We implement a proof-of-concept UOFilter prototype as a Chrome browser extension and validate it experimentally.

Pages: 373-376

Online since: February 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
