Loading...

OWASP AppSec 2010: (New) Object Capabilities and Isolation of Untrusted Web Applications 3/3

35 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Aug 31, 2010

Clip 3/3
Speaker: Sergio Maffeis, Imperial College, London

The object-capability model provides an appealing approach for isolating untrusted content in mashups: if untrusted applications are provided disjoint capabilities they still can interact with the user or the hosting page, but they cannot directly interfere with each other. We develop language-based foundations for isolation proofs based on object-capability concepts, and we show the applicability of our framework for a specific class of mashups. As an application, we prove that a JavaScript subset based on Google Caja is capability safe.

For more information click here (http://bit.ly/aeSvg2)

Loading...

to add this to Watch Later

Add to

Loading playlists...