Towards Improving the Deprecation Process of Web Features through Progressive Web Security

2022 IEEE Security and Privacy Workshops (SPW) Pub Date : 2022-05-01 DOI:10.1109/spw54247.2022.9833872

Tom van Goethem, W. Joosen

{"title":"Towards Improving the Deprecation Process of Web Features through Progressive Web Security","authors":"Tom van Goethem, W. Joosen","doi":"10.1109/spw54247.2022.9833872","DOIUrl":null,"url":null,"abstract":"To keep up with the continuous modernization of web applications and to facilitate their development, a large number of new features are introduced to the web platform every year. Although new web features typically undergo a security review, issues affecting the privacy and security of users could still surface at a later stage, requiring the deprecation and removal of affected APIs. Furthermore, as the web evolves, so do the expectations in terms of security and privacy, and legacy features might need to be replaced with improved alternatives. Currently, this process of deprecating and removing features is an ad-hoc effort that is largely uncoordinated between the different browser vendors. This causes a discrepancy in terms of compatibility and could eventually lead to the deterrence of the removal of an API, prolonging potential security threats. In this paper we propose a progressive security mechanism that aims to facilitate and standardize the deprecation and removal of features that pose a risk to users’ security, and the introduction of features that aim to provide additional security guarantees.","PeriodicalId":334852,"journal":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/spw54247.2022.9833872","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

To keep up with the continuous modernization of web applications and to facilitate their development, a large number of new features are introduced to the web platform every year. Although new web features typically undergo a security review, issues affecting the privacy and security of users could still surface at a later stage, requiring the deprecation and removal of affected APIs. Furthermore, as the web evolves, so do the expectations in terms of security and privacy, and legacy features might need to be replaced with improved alternatives. Currently, this process of deprecating and removing features is an ad-hoc effort that is largely uncoordinated between the different browser vendors. This causes a discrepancy in terms of compatibility and could eventually lead to the deterrence of the removal of an API, prolonging potential security threats. In this paper we propose a progressive security mechanism that aims to facilitate and standardize the deprecation and removal of features that pose a risk to users’ security, and the introduction of features that aim to provide additional security guarantees.

查看原文本刊更多论文

通过渐进式Web安全改进Web功能的弃用过程

为了跟上web应用程序的不断现代化并促进其发展，每年都会向web平台引入大量新功能。虽然新的web功能通常会经过安全审查，但影响用户隐私和安全的问题仍可能在后期浮出水面，需要弃用和删除受影响的api。此外，随着网络的发展，人们对安全性和隐私的期望也在不断提高，遗留功能可能需要被改进的替代品所取代。目前，这种弃用和删除功能的过程是一种特别的工作，在很大程度上没有在不同的浏览器供应商之间进行协调。这会导致兼容性方面的差异，并可能最终导致阻止删除API，从而延长潜在的安全威胁。在本文中，我们提出了一种渐进的安全机制，旨在促进和标准化对用户安全构成风险的功能的弃用和删除，以及旨在提供额外安全保证的功能的引入。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量