
Security Code Layers and Hardening of the Mozilla Layer

Our implementation adds a new security layer on top of the existing Netscape code, realizing access control, security policies, and trust management as described in Section 3. We created a security layer API and added calls to it from Netscape's code, as depicted in Figure 3. (See Section 7 for further details.)
 
 
Figure 3: Security Layers

The robustness of the combined code depends on finding all the right spots in Netscape's code at which to interpose our API calls such that we close all back doors. At the same time, our implementation makes calls to basic functions in the Netscape code and therefore relies on the correct behavior of that code. Much of that code is devoted to identifying the subject and object origin URLs. (The subject origin URL is the place where the executing JavaScript code comes from. The object origin URL is the place where the JavaScript code comes from for the object being acted on.) If our code were to get the wrong information, it could possibly grant access inappropriately, thus opening a security hole. Given the importance of this basic code, we suggest a more methodical approach to realize these two basic functions. (See the subsequent subsections.)

Another area of concern is that object values persist across document loads in a window. Each document is supposed to form a separate context. However, in Netscape's current implementation, window.name maintains its value across document loads. A clever intruder could then access the information that was supposed to be destroyed with the object. While we have fixed the case of window.name, we chose not to close this hole in its generality, because we believe that the new Netscape document object model (DOM) would do so for us.
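The persistence problem described above, as an added example that is not code from the paper or from Netscape. It models a window whose `name` outlives the document context and contrasts that with a reset on cross-origin loads. `ModelWindow`, `resetOnOriginChange` and `leakAcrossLoads` are hypothetical names, and the reset rule is an assumed fix, since the paper does not say how its `window.name` fix works.

```javascript
// Constructed model of a browser window; runs in Node, no browser needed.
class ModelWindow {
  constructor({ resetOnOriginChange }) {
    this.resetOnOriginChange = resetOnOriginChange; // assumed hardening switch
    this.name = "";       // window-level state: survives document loads
    this.document = null; // per-document context
  }

  load(url) {
    const next = new URL(url).origin;
    const prev = this.document ? this.document.origin : null;
    // Hardened behaviour (assumption): a load from a different origin
    // starts with an empty window.name.
    if (this.resetOnOriginChange && prev !== null && prev !== next) {
      this.name = "";
    }
    // Every load gets a fresh document context, as the design intends.
    this.document = { origin: next, vars: {} };
    return this.document;
  }
}

// Stores `value` from a document at firstUrl in both a document variable
// and window.name, then reports what a document at secondUrl can read.
function leakAcrossLoads(win, firstUrl, secondUrl, value) {
  win.load(firstUrl).vars.token = value;
  win.name = value;
  const doc = win.load(secondUrl);
  return { name: win.name, token: doc.vars.token };
}

// Constructed sample URLs.
const A = "https://bank.example/account";
const B = "https://other.example/page";

const legacy = leakAcrossLoads(
  new ModelWindow({ resetOnOriginChange: false }), A, B, "acct-42");
const hardened = leakAcrossLoads(
  new ModelWindow({ resetOnOriginChange: true }), A, B, "acct-42");

console.log("legacy  :", legacy);   // name survives, token does not
console.log("hardened:", hardened); // neither survives
```

The document variable is gone after the second load in both runs; only the window-level property crosses the context boundary, which is why each such property needs its own reset or an access check.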
 



Alain Mayer

8/5/1999