ScriptChecker: To Tame Third-party Script Execution With Task Capabilities

2022.10.10

ScriptChecker: To Tame Third-party Script Execution With Task Capabilities

1. 论文简介

简介

介绍

2.现有工作

缺点

Chrome目前的安全策略

3. 设计实现

ScriptChecker设计

ScriptChecker 优点

Sandbox Context

Task Capability System

Asynchronous Execution

Example

Details

Context seperation

Frame struct

Event Listeners

Code Extension

Cross-Context Reference

单向隔离

CAPABILITY SYSTEM

ASYNCHRONOUS EXECUTION

Function Call

Restricted Risky Script Inclusion

4. 效果评估

评估-能力

评估-适应性

评估-防御 Benchmark

评估-效率

评估-与已有方案的对比

讨论

本次组会内容下载链接

返回