Abstract:​Although there exist technical solutions or legislation laws, online user privacy is still an open issue and an unsolved crisis. Indeed, there is no formal assurance mechanism to guarantee that a web application will not violate its users' privacy stated in the user agreement. In this presentation, we introduce a new method to protect web users' privacy by monitoring JavaScript code based on the source of the code, i.e., code origin.  Our code-origin policy enforcement approach advances the conventional same-origin policy standard and allows the users to customize their protection. We demonstrate that our privacy policies can be certified at the development phase and verified at runtime to provide formal assurance of the enforcement.​​​

2021 marks the 20th Anniversary of the OWASP Foundation.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live, virtual 24-hour global event as we honor the past, celebrate the present and embrace the future of OWASP and cybersecurity. Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors.

Code-Origin Policy: Towards a Formal User Privacy Protection for the Web

Conference: OWASP 20th Anniversary Event

Authors: Phu H. Phung

Abstract

Post a comment

Related work

Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills.

Digital You and the Metaverse