SOMA: mutual approval for included content in web pages

@inproceedings{Oda2008SOMAMA,
  title={SOMA: mutual approval for included content in web pages},
  author={Terri Oda and Glenn Wurster and Paul C. van Oorschot and Anil Somayaji},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2008}
}
Unrestricted information flows are a key security weakness of current web design. Cross-site scripting, cross-site request forgery, and other attacks typically require that information be sent or retrieved from arbitrary, often malicious, web servers. In this paper we propose Same Origin Mutual Approval (SOMA), a new policy for controlling information flows that prevents common web vulnerabilities. By requiring site operators to specify approved external domains for sending or receiving…

Citations

Publications citing this paper.
SHOWING 1-10 OF 48 CITATIONS

A systematic analysis of the science of sandboxing

CITES BACKGROUND
HIGHLY INFLUENCED

Automating Content Security Policy Generation

CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Security mechanisms and policy for mandatory access control in computer systems

CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

Browser protection against cross-site request forgery

CITES METHODS
HIGHLY INFLUENCED

Enforcing Session Integrity in the World "Wild" Web

CITES BACKGROUND
HIGHLY INFLUENCED

Automated detection of session management vulnerabilities in web applications

  • 2012 Tenth Annual International Conference on Privacy, Security and Trust
  • 2012
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED
