Beast in the Cage: A Fine-grained and Object-oriented Permission System to Confine JavaScript Operations on the Web
Track: Security and privacy
Keywords: HTML, JavaScript, permission
Abstract: JavaScript plays a crucial role on the web. However, the inclusion of unknown, vulnerable, or malicious scripts on websites and in browser extensions, and the use of browsers' developer tools, often lead to undesired web content manipulations and data acquisitions. To restrict JavaScript operations on web content and data, we introduce a fine-grained, mandatory access control-based, and object-oriented permission system for browsers. With our system, web developers can define policies for sensitive web elements on their web pages to allow or deny scripts' operations on web content and data within browsers. The system substantially thwarts many web threats and attacks, and offers benefits to personal data governance. We developed a tool for automatic policy generation and demonstrated the usability and compatibility of the system in a three-month study. Our system is a reasonable and practical solution, bolstering security and trustworthiness on the internet.
Submission Number: 543