A Unified Security Model for Web
The web browser has become a complete operating system, providing a
deployment platform for a huge number of web applications that vary
greatly in trustworthiness. In this role,
it is the web browser that
must isolate these applications from one another. Unlike traditional
time-sharing systems, however,
which have a clear principle --- the
user --- to apply security policies to, web applications are loosely
defined as a collection of interacting servers. This makes it very
difficult for the browser to completely isolate the application.
In this talk, I'll introduce our mechanism that allows web developers
to securely define the boundaries of their applications.