Authors: Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere
Original source:
http://seclab.cs.rice.edu/w2sp/2007/
This article is a conference talk from Web 2.0 Security & Privacy 2007.
Introduction
Although best-practice approaches could be effective for securing Web 2.0 applications in the near term, it is time to reconsider the security model of the client-side Web application environment. The current browser security model is designed under the assumption that the content within a server is mutually trustworthy. However, Web 2.0 emphasizes collaboration and interaction of users, which implies that any webpage could include content from multiple participants, including potentially malicious ones. In addition, the use of mashups introduces more chances to integrate potentially malicious content into a single webpage.
Component models, such as the isolation of widgets using <iframe> tags, offer effective means for confining content from different sources into its own sandbox. However, they are not a cure-all solution. The current browser model is vulnerable to many attacks, such as cross-site scripting (XSS), as a result of its outdated security assumptions. Moreover, we cannot force all existing services to follow a new programming model. Since application developers tend to give precedence to presentation over security, a security model that does not change the user experience may be demanded. To mitigate the risks of attacks in Web 2.0 applications, fine-grained access control in the client-side application environment is important.