Page 217 - Journal of Software (《软件学报》), 2021, Issue 8
Luo W, et al.: A Survey of Browser Same-Origin Policy Security Research 2499
work will likely lean toward OS-based or even hardware-based isolation mechanisms, shrinking the trusted computing base to achieve stronger security isolation. However, shrinking the trusted computing base means that policy enforcement loses some semantics; for example, the Site Isolation project [33] uses processes to isolate principals from one another, but it still needs other mechanisms to determine the type of a Web resource in order to decide whether it should be isolated. Furthermore, such a change to the browser architecture must also take performance and backward compatibility into account.
7 Conclusion
This paper presents an in-depth analysis and summary of research progress on browser same-origin policy security. It first introduces the rules of the same-origin policy and the cross-domain/cross-origin communication mechanisms, and analyzes the threat model and research directions of same-origin policy security research; it then summarizes and analyzes, in turn, the shortcomings of the same-origin policy rules and their countermeasures, the security threats of cross-domain and cross-origin communication mechanisms and their countermeasures, and same-origin policy security under memory attacks; finally, it looks ahead to future research directions for same-origin policy security. We hope this work offers a useful reference for future researchers and contributes to research on same-origin policy security.
Acknowledgements We sincerely thank the pioneers of same-origin policy security research and the reviewers who offered valuable suggestions on this work.
References:
[1] Barth A. Google. The Web origin concept. 2011. https://tools.ietf.org/html/rfc6454
[2] W3C. Same origin policy in W3C. 2010. https://www.w3.org/Security/wiki/Same_Origin_Policy
[3] WHATWG. The HTML5 spec’s definition of origin. 2020. https://html.spec.whatwg.org/multipage/origin.html#concept-origin
[4] Wikipedia. Same origin policy in wikipedia. 2020. https://en.wikipedia.org/wiki/Same-origin_policy
[5] Firefox. Same origin policy in firefox. 2020. https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
[6] Nikiforakis N, Invernizzi L, Kapravelos A, et al. You are what you include: Large-scale evaluation of remote JavaScript inclusions. In: Proc. of the 2012 ACM SIGSAC Conf. on Computer and Communications Security (CCS 2012). 2012. 736−747. [doi: 10.1145/2382196.2382274]
[7] Zhou Y, Evans D. Understanding and monitoring embedded Web scripts. In: Proc. of the 2015 IEEE Symp. on Security and Privacy (SP 2015). 2015. 850−865. [doi: 10.1109/SP.2015.57]
[8] Ikram M, Masood R, Tyson G, et al. The chain of implicit trust: An analysis of the Web third-party resources loading. In: Proc. of the 2019 Int’l Conf. on World Wide Web (WWW 2019). 2019. 2851−2857. [doi: 10.1145/3308558.3313521]
[9] Cao Y, Rastogi V, Li Z, et al. Redefining Web browser principals with a configurable origin policy. In: Proc. of the 2013 Annual IEEE/IFIP Int’l Conf. on Dependable Systems and Networks (DSN 2013). 2013. 1−12. [doi: 10.1109/DSN.2013.6575317]
[10] Somé DF, Bielova N, Rezk T. On the content security policy violations due to the same-origin policy. In: Proc. of the 2017 Int’l Conf. on World Wide Web (WWW 2017). 2017. 877−886. [doi: 10.1145/3038912.3052634]
[11] Barth A, Jackson C, Mitchell JC. Robust defenses for cross-site request forgery. In: Proc. of the 2008 ACM SIGSAC Conf. on Computer and Communications Security (CCS 2008). 2008. 75−88. [doi: 10.1145/1455770.1455782]
[12] Lekies S, Stock B, Wentzel M, et al. The unexpected dangers of dynamic JavaScript. In: Proc. of the 2015 USENIX Security Symp. (USENIX Security 2015). 2015. 723−735.
[13] Singh K, Moshchuk A, Wang HJ, et al. On the incoherencies in Web browser access control policies. In: Proc. of the 2010 IEEE Symp. on Security and Privacy (SP 2010). 2010. 463−478. [doi: 10.1109/SP.2010.35]
[14] Son S, Shmatikov V. The postman always rings twice: Attacking and defending postMessage in HTML5 Websites. In: Proc. of the 2013 Network and Distributed System Security Symp. (NDSS 2013). 2013.
[15] Popescu P. Practical JSONP injection. 2017. https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
[16] Chen J, Jiang J, Duan H, et al. We still don’t have secure cross-domain requests: An empirical study of CORS. In: Proc. of the 2018 USENIX Security Symp. (USENIX Security 2018). 2018. 1079−1093.
[17] Song C, Zhang C, Wang T, et al. Exploiting and protecting dynamic code generation. In: Proc. of the 2015 Network and Distributed System Security Symp. (NDSS 2015). 2015.
[18] Gong G. Pwn a nexus device with a single vulnerability. 2016. https://cansecwest.com/slides/2016/CSW2016_Gong_Pwn_a_Nexus_device_with_a_single_vulnerability.pdf