Document Type
Article
Publication Date
4-22-2025
Publication Title
WWW '25: Proceedings of the ACM on Web Conference 2025
First Page
3171
Last Page
3182
DOI
https://doi.org/10.1145/3696410.371487
Abstract
JavaScript plays a crucial role on the web. However, the inclusion of unknown, vulnerable, and malicious scripts on websites and in browser extensions and the use of browsers' developer tools often lead to undesired web content manipulations and data acquisitions. To restrict JavaScript operations on web content and data, we introduce a fine-grained, mandatory access control-based, and object-oriented permission system to browsers. With our system, web developers can define policies for sensitive web elements on their web pages to allow or deny scripts' operations on web content and data within browsers. The system substantially thwarts many web threats and attacks, and offers benefits to personal data governance. We developed a tool for automatic policy generation and demonstrated the usability and compatibility of the system in a three-month study. Our system is a reasonable and practical solution, bolstering the security and trustworthiness on the internet.
Recommended Citation
Zhao, Rui, "Beast in the Cage: A Fine-grained and Object-oriented Permission System to Confine JavaScript Operations on the Web" (2025). Interdisciplinary Informatics Faculty Publications. 65.
https://digitalcommons.unomaha.edu/interdiscipinformaticsfacpub/65
Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Funded by the University of Nebraska at Omaha Open Access Fund
Comments
The PDF passed the Adobe accessibility checker prior to upload.
This article was published open access under the University of Nebraska at Omaha and ACM open access publishing agreement.