Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Limiting JavaScript usage in a multi-module web platform
KTH, School of Computer Science and Communication (CSC).
2014 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

This report details our research done on web sandboxeswith a focus on two different implementations, Google Cajaand ADsafe. Detailing their differences, their soundness,and their suitability for isolation of untrusted JavaScriptin a specific multi-module web platform. The report alsocontains our results from implementing a prototype of atool to automatically test an implementation of an ADsafesandbox.We present our motivation for this research as the securityissues with running non-isolated and unchecked JavaScript,and the specific risks related to Multisoft’s Softadmin platform

Abstract [sv]

Begränsning av JavaScript i enmulti-modulär web plattformI denna rapport presenterar vi vår undersökning av sandlådorför JavaScript. Vi fokuserar på två implementeringar,Google Caja och ADsafe.I rapporten presenterar vi deras för-och nackdelar, hur vikan undersöka och visa deras säkerhet, samt hur de passarsom verktyg för isolering av JavaScript i en specifik multimodulärweb plattform. Vi presenterar även de resultat vikom fram till efter att vi försökte designa och implementeraett verktyg som automatiskt kan testa en implementeringav en ADsafe sandbox.Slutligen beksriver vi vår motivering bakom denna rapport,e de säkerhetsrisker okontrollerad JavaScript för medsig och de specifika riskerna i multi-modulära web platformarlikt Multisofts Softadmin plattform.

Place, publisher, year, edition, pages
2014.
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-155766OAI: oai:DiVA.org:kth-155766DiVA: diva2:762845
Educational program
Master of Science - Computer Science
Examiners
Available from: 2014-11-20 Created: 2014-11-13 Last updated: 2014-11-20Bibliographically approved

Open Access in DiVA

No full text

By organisation
School of Computer Science and Communication (CSC)
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 115 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf