KUBERA: A security model for Web Applications

Abstract

Web Applications have changed significantly since the World Wide Web was introduced, facing a shift in web content from simple hyperlinked documents to active programs. However, the prevailing web protection model, the same origin policy, is an imperfect approach to identify web applications and govern their behavior. As a result, web applications have become attractive targets of exploitation, especially web plug-ins. In this paper, we present KUBERA, a new web browser security model that adapts lessons from OS to make the browser a more suitable platform for web applications. Using system call interposition, KUBERA is responsible for uniformly specifying and enforcing security policies on not just HTML and JavaScript, but plug-in media and browser extensions as well. We describe our implementation of a prototype of KUBERA, and illustrate how browsers can use KUBERA for securing their resources.