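% CCS 2013 paper introducing the CRYPTON abstraction and the CRYPTON-KERNEL
% component for intra-origin protection of sensitive web data.
%
% NOTE(review): the url field points at approjects.co.za over plain HTTP, not at
% a publisher- or author-controlled host. The path looks like a Microsoft
% Research publication slug, so this is presumably a third-party mirror.
% Replace it with the DOI or the canonical publisher URL once confirmed, and do
% not treat content fetched from this host as authoritative.
%
% NOTE(review): the third author's surname was "Siaditi" in the exported record
% and is spelled "Siadati" here, which is believed to be the published form.
% Confirm against the proceedings front matter.
@inproceedings{dong2013protecting,
  author    = {Dong, Xinshu and Chen, Zhaofeng and Siadati, Hossein and Tople, Shruti and Saxena, Prateek and Liang, Zhenkai},
  title     = {Protecting Sensitive Web Content from Client-side Vulnerabilities with {CRYPTONs}},
  booktitle = {Computer and Communications Security ({CCS} 2013)},
  year      = {2013},
  month     = nov,
  abstract  = {Web browsers isolate web origins, but do not provide direct abstractions to isolate sensitive data and control computation over it within the same origin. As a result, guaranteeing security of sensitive web content requires trusting all code in the browser and client-side applications to be vulnerability-free. In this paper, we propose a new abstraction, called CRYPTON, which supports intra-origin control over sensitive data throughout its life cycle. To securely enforce the semantics of CRYPTONs, we develop a standalone component called CRYPTON-KERNEL, which extensively leverages the functionality of existing web browsers without relying on their large TCB. Our evaluation demonstrates that the CRYPTON abstraction supported by the CRYPTON-KERNEL is widely applicable to popular real-world applications with millions of users, including webmail, chat, blog applications, and Alexa Top 50 websites, with low performance overhead.},
  url       = {http://approjects.co.za/?big=en-us/research/publication/protecting-sensitive-web-content-from-client-side-vulnerabilities-with-cryptons-2/},
}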