ScriptChecker: To tame third-party script execution with task capabilities
We present ScriptChecker, a novel browser-based framework to effectively and efficiently restrict third-party script execution according to the host web page’s directives. Different from all existing schemes functioning at the JavaScript layer, ScriptChecker holistically harnesses context separation...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/6872 https://ink.library.smu.edu.sg/context/sis_research/article/7875/viewcontent/scriptchecker_ndss22.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-7875 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-78752022-02-07T11:08:12Z ScriptChecker: To tame third-party script execution with task capabilities LUO, Wu DING, Xuhua WU, Pengfei ZHANG, Xiaolei SHEN, Qingni WU, Zhonghai We present ScriptChecker, a novel browser-based framework to effectively and efficiently restrict third-party script execution according to the host web page’s directives. Different from all existing schemes functioning at the JavaScript layer, ScriptChecker holistically harnesses context separation and the browser’s security monitors to enforce on-demand access controls upon tasks executing untrusted code. The host page can flexibly assign resource-access capabilities to tasks upon their creation. Reaping the benefits of the task capability approach, ScriptChecker outperforms existing techniques in security, usability and performance. We have implemented a prototype of ScriptChecker on Chrome and rigorously evaluated its security against 1373 malicious scripts and its usability with empirical studies upon top-1000 sites. The experimental results show that its strong security strength and ease-of-use are attained at the cost of unnoticeable performance loss. It incurs about 0.2 microseconds overhead to mediate a DOM access, and 5% delay when loading popular JS graphics and utility libraries. 2022-02-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6872 https://ink.library.smu.edu.sg/context/sis_research/article/7875/viewcontent/scriptchecker_ndss22.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Databases and Information Systems |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Databases and Information Systems |
| spellingShingle |
Databases and Information Systems LUO, Wu DING, Xuhua WU, Pengfei ZHANG, Xiaolei SHEN, Qingni WU, Zhonghai ScriptChecker: To tame third-party script execution with task capabilities |
| description |
We present ScriptChecker, a novel browser-based framework to effectively and efficiently restrict third-party script execution according to the host web page’s directives. Different from all existing schemes functioning at the JavaScript layer, ScriptChecker holistically harnesses context separation and the browser’s security monitors to enforce on-demand access controls upon tasks executing untrusted code. The host page can flexibly assign resource-access capabilities to tasks upon their creation. Reaping the benefits of the task capability approach, ScriptChecker outperforms existing techniques in security, usability and performance. We have implemented a prototype of ScriptChecker on Chrome and rigorously evaluated its security against 1373 malicious scripts and its usability with empirical studies upon top-1000 sites. The experimental results show that its strong security strength and ease-of-use are attained at the cost of unnoticeable performance loss. It incurs about 0.2 microseconds overhead to mediate a DOM access, and 5% delay when loading popular JS graphics and utility libraries. |
| format |
text |
| author |
LUO, Wu DING, Xuhua WU, Pengfei ZHANG, Xiaolei SHEN, Qingni WU, Zhonghai |
| author_facet |
LUO, Wu DING, Xuhua WU, Pengfei ZHANG, Xiaolei SHEN, Qingni WU, Zhonghai |
| author_sort |
LUO, Wu |
| title |
ScriptChecker: To tame third-party script execution with task capabilities |
| title_short |
ScriptChecker: To tame third-party script execution with task capabilities |
| title_full |
ScriptChecker: To tame third-party script execution with task capabilities |
| title_fullStr |
ScriptChecker: To tame third-party script execution with task capabilities |
| title_full_unstemmed |
ScriptChecker: To tame third-party script execution with task capabilities |
| title_sort |
scriptchecker: to tame third-party script execution with task capabilities |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/6872 https://ink.library.smu.edu.sg/context/sis_research/article/7875/viewcontent/scriptchecker_ndss22.pdf |
| _version_ |
1770576110724055040 |