OWASP AppSec 2010: (New) Object Capabilities and Isolation of Untrusted Web Applications 1/3

Clip 1/3 Speaker: Sergio Maffeis, Imperial College, London The object-capability model provides an appealing approach for isolating untrusted content in mashups: if untrusted applications are provided disjoint capabilities they still can interact with the user or the hosting page, but they cannot directly interfere with each other. We develop language-based foundations for isolation proofs based on object-capability concepts, and we show the applicability of our framework for a specific class of mashups. As an application, we prove that a JavaScript subset based on Google Caja is capability safe. For more information click here (bit.ly
Video Rating: 0 / 5