Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/de-gruyter/beeswax-a-platform-for-private-web-apps-T6U1I6fZvL
References (57)
-
M. Bellare, P. Rogaway (1993)
Entity Authentication and Key Distribution -
(2010)
Mozilla Security Blog: Plugging the CSS History Leak -
Chatting off the record. Google Chat Help -
Event Flow (UI Events) -
Beeswax Platform: Home Page -
Chatting off the record Google Chat Help https support google com chat answer
, 27
-
Miller (2008)
Safe active content in sanitized JavaScript GoogleTech Rep, 13
-
Content Security Policy Level 2 W3C Recommendation -
Cryptocat: Project Homepage -
Chrome Developer: Content Scripts -
(2008)
Safe active content in sanitized JavaScript -
Stark (2009)
Symmetric in Javascript in, 16
-
Cryptography (2014)
Web API Candidate Recommendation http www org -
Priv.ly project homepage -
Keybase
io homepage https keybase io, 28
-
ADSafe homepage -
Leo Meyerovich, B. Livshits (2010)
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser2010 IEEE Symposium on Security and Privacy
-
ChatStep: Secure / Private / Beautiful Online Group Chat. Home Page -
Page
Beeswax Platform Home https web priv github io beeswax code for platform and applications, 19
-
Subrosa
io github page https github com subrosa io -
Slack Privacy Policy -
Cryptocat (2016)
Project Homepage https crypto cat Site closed temporarily by developers in Feb, 22
-
Barth (2010)
Protecting Browsers from Extension in -
Leak (2010)
Mozilla Blog Plugging the CSS https blog mozilla org security plugging thecss history leakSecurity History
-
D. Stefan, Edward Yang, Petr Marchenko, Alejandro Russo, David Herman, B. Karp, David Mazières (2014)
Protecting Users by Confining JavaScript with COWL -
ShadowCrypt github page -
C. Fournet, N. Swamy, Juan Chen, Pierre-Évariste Dagand, Pierre-Yves Strub, B. Livshits (2013)
Fully abstract compilation to JavaScript -
Warren He, Devdatta Akhawe, Sumeet Jain, E. Shi, D. Song (2014)
ShadowCrypt: Encrypted Web Applications for EveryoneProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
-
Lon Ingram, Michael Walfish (2012)
Treehouse: Javascript Sandboxes to Help Web Developers Help Themselves -
June (2014)
Shadow DOM Working Draft http www org shadow dom, 24
-
Public API for tweets developer docs https dev twitter com rest reference get search tweets
Search
-
Meyerovich (2010)
ConScript Specifying and Enforcing Policies for JavaScript in the Browser inSecurity IEEE, 12
-
December
DOM Level Flow Events Working Draft https www org DOM Level Events eventflowEvent, 26
-
Carlini (2012)
An Evaluation of the Google Chrome Extension inSecurity Architecture Security
-
Lightweight selfprotecting javascript -
Ingram (2012)
Javascript Sandboxes to Help Web Developers Help Themselves in -
A. Barth, A. Felt, P. Saxena, A. Boodman (2010)
Protecting Browsers from Extension Vulnerabilities -
Bernstein (2006)
Curve New Speed Records in -Public Key Cryptography PKC
-
Nicholas Carlini, A. Felt, D. Wagner (2012)
An Evaluation of the Google Chrome Extension Security Architecture -
February
Content Policy Level Recommendation http www orgSecurity, 23
-
Stanford Javscript Crypto Library (SJCL) homepage -
ADSafe
homepage http www adsafe org, 18
-
Slack
Privacy Policy https slack com privacy policy -
(2006)
Entity authentication and key distribution Curve 25519 : New Diffie - Hellman Speed Records -
D. Bernstein (2006)
Curve25519: New Diffie-Hellman Speed Records -
Subrosa.io github page -
Emily Stark, Michael Hamburg, D. Boneh (2009)
Symmetric Cryptography in Javascript2009 Annual Computer Security Applications Conference
-
Kiwi IRC homepage -
Priv
ly project homepage https priv ly, 30
-
ChatStep
Secure Private Beautiful Group Chat Home https chatstep comOnline, 20
-
W3C Web Cryptography API, Candidate Recommendation -
Jonas Magazinius, Phu Phung, David Sands (2010)
Safe Wrappers and Sane Policies for Self Protecting JavaScript -
Public Search API for tweets (developer docs) -
Shadow DOM W3C Working Draft -
Chrome Developer Content Scripts https developer chrome com extensions content scripts
, 21
-
S. Maffeis, John Mitchell, Ankur Taly (2009)
Isolating JavaScript with Filters, Rewriting, and Wrappers -
Chrome Developers: DOM Attributes now on the prototype chain
- Publisher
- de Gruyter
- Copyright
- Copyright © 2016 by the
- ISSN
- 2299-0984
- eISSN
- 2299-0984
- DOI
- 10.1515/popets-2016-0014
- Publisher site
- See Article on Publisher Site
Abstract
Abstract Even if a web-based messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What if a variety of applications offered confidentiality? How would a user gain trust in all of them? In this paper we argue that a platform for private web applications is the only practical way for users to gain assurance about the confidentiality claims of a large number of full-featured web-services.We introduce Beeswax, a client-side platform that allows confidential data to be exchanged between users at the behest of an application, through a narrow set of APIs. Beeswax installs in a modern browser to deliver a complete practical solution, from key distribution to isolation of private data from the applications, thereby making an analysis of application code unnecessary. This focuses scrutiny and trust on the platform itself, rather than on all the applications using it.
Journal
Proceedings on Privacy Enhancing Technologies – de Gruyter
Published: Jul 1, 2016