Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Beeswax: a platform for private web apps

Beeswax: a platform for private web apps Abstract Even if a web-based messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What if a variety of applications offered confidentiality? How would a user gain trust in all of them? In this paper we argue that a platform for private web applications is the only practical way for users to gain assurance about the confidentiality claims of a large number of full-featured web-services.We introduce Beeswax, a client-side platform that allows confidential data to be exchanged between users at the behest of an application, through a narrow set of APIs. Beeswax installs in a modern browser to deliver a complete practical solution, from key distribution to isolation of private data from the applications, thereby making an analysis of application code unnecessary. This focuses scrutiny and trust on the platform itself, rather than on all the applications using it. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

Beeswax: a platform for private web apps

Download PDF
17 pages

Loading next page...
 
/lp/de-gruyter/beeswax-a-platform-for-private-web-apps-T6U1I6fZvL
Publisher
de Gruyter
Copyright
Copyright © 2016 by the
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2016-0014
Publisher site
See Article on Publisher Site

Abstract

Abstract Even if a web-based messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What if a variety of applications offered confidentiality? How would a user gain trust in all of them? In this paper we argue that a platform for private web applications is the only practical way for users to gain assurance about the confidentiality claims of a large number of full-featured web-services.We introduce Beeswax, a client-side platform that allows confidential data to be exchanged between users at the behest of an application, through a narrow set of APIs. Beeswax installs in a modern browser to deliver a complete practical solution, from key distribution to isolation of private data from the applications, thereby making an analysis of application code unnecessary. This focuses scrutiny and trust on the platform itself, rather than on all the applications using it.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Jul 1, 2016

References

  • Chatting off the record Google Chat Help https support google com chat answer
  • Protecting Browsers from Extension in
    Barth
  • Beeswax Platform Home https web priv github io beeswax code for platform and applications
    Page
  • Javascript Sandboxes to Help Web Developers Help Themselves in
    Ingram
  • An Evaluation of the Google Chrome Extension in
    Carlini
  • Safe active content in sanitized JavaScript Google
    Miller
  • Web API Candidate Recommendation http www org
    Cryptography
  • ly project homepage https priv ly
    Priv
  • Privacy Policy https slack com privacy policy
    Slack
  • Web API Candidate Recommendation http www org
    Cryptography
  • An Evaluation of the Google Chrome Extension in
    Carlini
  • Public API for tweets developer docs https dev twitter com rest reference get search tweets
  • DOM Level Flow Events Working Draft https www org DOM Level Events eventflow
    December
  • Fully Abstract Compilation to JavaScript in
    Fournet
  • io homepage https keybase io
    Keybase
  • Protecting Users by Confining JavaScript with COWL in
    Stefan
  • io github page https github com subrosa io
    Subrosa
  • homepage http www adsafe org
    ADSafe
  • Project Homepage https crypto cat Site closed temporarily by developers in Feb
    Cryptocat
  • Beeswax Platform Home https web priv github io beeswax code for platform and applications
    Page
  • Entity authentication key distribution in
    Bellare
  • Chrome Developer Content Scripts https developer chrome com extensions content scripts
  • ConScript Specifying and Enforcing Policies for JavaScript in the Browser in
    Meyerovich
  • ly project homepage https priv ly
    Priv
  • Protecting Browsers from Extension in
    Barth
  • Project Homepage https crypto cat Site closed temporarily by developers in Feb
    Cryptocat
  • Mozilla Blog Plugging the CSS https blog mozilla org security plugging thecss history leak
    Leak
  • Public API for tweets developer docs https dev twitter com rest reference get search tweets
  • Protecting Users by Confining JavaScript with COWL in
    Stefan
  • io github page https github com subrosa io
    Subrosa
  • homepage http www adsafe org
    ADSafe
  • ConScript Specifying and Enforcing Policies for JavaScript in the Browser in
    Meyerovich
  • DOM Level Flow Events Working Draft https www org DOM Level Events eventflow
    December
  • Fully Abstract Compilation to JavaScript in
    Fournet
  • Entity authentication key distribution in
    Bellare
  • Secure Private Beautiful Group Chat Home https chatstep com
    ChatStep
  • Curve New Speed Records in -
    Bernstein
  • Chrome Developer Content Scripts https developer chrome com extensions content scripts
  • Shadow DOM Working Draft http www org shadow dom
    June
  • Chatting off the record Google Chat Help https support google com chat answer
  • Javascript Sandboxes to Help Web Developers Help Themselves in
    Ingram
  • Symmetric in Javascript in
    Stark
  • io homepage https keybase io
    Keybase
  • Curve New Speed Records in -
    Bernstein
  • Safe active content in sanitized JavaScript Google
    Miller
  • Content Policy Level Recommendation http www org
    February
  • Mozilla Blog Plugging the CSS https blog mozilla org security plugging thecss history leak
    Leak
  • Shadow DOM Working Draft http www org shadow dom
    June
  • Symmetric in Javascript in
    Stark
  • Secure Private Beautiful Group Chat Home https chatstep com
    ChatStep
  • Content Policy Level Recommendation http www org
    February
  • Privacy Policy https slack com privacy policy
    Slack