Secure and trustworthy remote JavaScript execution
Autor(a) principal: | |
---|---|
Data de Publicação: | 2016 |
Outros Autores: | |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10071/25287 |
Resumo: | Javascript is used more and more as a programming language to develop web applications in order to increase the user experience and application interactivity. Although Javascript is a powerful technology that offers these characteristics, it is also a potential web application attack vector that can be exploited to impact the end-user, since it can be maliciously intercepted and modified. Today, web browsers act as worldwide open windows, executing, on a given user machine (computer, smartphone, tablet or any other), remote code. Therefore, it is important to ensure the trust on the execution of this remote code. This trust should be ensured at the JavaScript remote code producer, during transport and also locally before being executed on the end-user web-browser. In this paper, the authors propose and present a mechanism that allows the secure production and verification of web-applications JavaScript code. The paper also presents a set of tools that were developed to offer JavaScript code protection and ensure its trust at the production stage, but also a proxy-based mechanism that ensures end-users the un-modified nature and source validation of the remote JavaScript code prior to its execution by the end-user browser. |
id |
RCAP_29b3bc0551bda1f0caf58f76b3491f48 |
---|---|
oai_identifier_str |
oai:repositorio.iscte-iul.pt:10071/25287 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Secure and trustworthy remote JavaScript executionWeb applicationsJavaScriptSecurityTrustProxyJavascript is used more and more as a programming language to develop web applications in order to increase the user experience and application interactivity. Although Javascript is a powerful technology that offers these characteristics, it is also a potential web application attack vector that can be exploited to impact the end-user, since it can be maliciously intercepted and modified. Today, web browsers act as worldwide open windows, executing, on a given user machine (computer, smartphone, tablet or any other), remote code. Therefore, it is important to ensure the trust on the execution of this remote code. This trust should be ensured at the JavaScript remote code producer, during transport and also locally before being executed on the end-user web-browser. In this paper, the authors propose and present a mechanism that allows the secure production and verification of web-applications JavaScript code. The paper also presents a set of tools that were developed to offer JavaScript code protection and ensure its trust at the production stage, but also a proxy-based mechanism that ensures end-users the un-modified nature and source validation of the remote JavaScript code prior to its execution by the end-user browser.Iadis2022-05-09T09:16:29Z2016-01-01T00:00:00Z20162022-05-09T10:15:37Zconference objectinfo:eu-repo/semantics/publishedVersionapplication/pdfhttp://hdl.handle.net/10071/25287eng978-989-8533-48-7Serrão, C.Rocha, D.info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-07-07T02:38:24Zoai:repositorio.iscte-iul.pt:10071/25287Portal AgregadorONGhttps://www.rcaap.pt/oai/openairemluisa.alvim@gmail.comopendoar:71602024-07-07T02:38:24Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Secure and trustworthy remote JavaScript execution |
title |
Secure and trustworthy remote JavaScript execution |
spellingShingle |
Secure and trustworthy remote JavaScript execution Serrão, C. Web applications JavaScript Security Trust Proxy |
title_short |
Secure and trustworthy remote JavaScript execution |
title_full |
Secure and trustworthy remote JavaScript execution |
title_fullStr |
Secure and trustworthy remote JavaScript execution |
title_full_unstemmed |
Secure and trustworthy remote JavaScript execution |
title_sort |
Secure and trustworthy remote JavaScript execution |
author |
Serrão, C. |
author_facet |
Serrão, C. Rocha, D. |
author_role |
author |
author2 |
Rocha, D. |
author2_role |
author |
dc.contributor.author.fl_str_mv |
Serrão, C. Rocha, D. |
dc.subject.por.fl_str_mv |
Web applications JavaScript Security Trust Proxy |
topic |
Web applications JavaScript Security Trust Proxy |
description |
Javascript is used more and more as a programming language to develop web applications in order to increase the user experience and application interactivity. Although Javascript is a powerful technology that offers these characteristics, it is also a potential web application attack vector that can be exploited to impact the end-user, since it can be maliciously intercepted and modified. Today, web browsers act as worldwide open windows, executing, on a given user machine (computer, smartphone, tablet or any other), remote code. Therefore, it is important to ensure the trust on the execution of this remote code. This trust should be ensured at the JavaScript remote code producer, during transport and also locally before being executed on the end-user web-browser. In this paper, the authors propose and present a mechanism that allows the secure production and verification of web-applications JavaScript code. The paper also presents a set of tools that were developed to offer JavaScript code protection and ensure its trust at the production stage, but also a proxy-based mechanism that ensures end-users the un-modified nature and source validation of the remote JavaScript code prior to its execution by the end-user browser. |
publishDate |
2016 |
dc.date.none.fl_str_mv |
2016-01-01T00:00:00Z 2016 2022-05-09T09:16:29Z 2022-05-09T10:15:37Z |
dc.type.driver.fl_str_mv |
conference object |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10071/25287 |
url |
http://hdl.handle.net/10071/25287 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
978-989-8533-48-7 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Iadis |
publisher.none.fl_str_mv |
Iadis |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
mluisa.alvim@gmail.com |
_version_ |
1817546283111415808 |