How Do I Model State? Let Me Count the Ways. Foster, I., Parastatidis, S., Watson, P., & McKeown, M. Communications of the ACM, 51(9):34-41, September, 2008.
doi  abstract   bibtex   
Many Web sites embed third-party content in frames, relying on the browser's security policy to protect against malicious content. However, frames provide insufficient isolation in browsers that let framed content navigate other frames. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also affects communication between cooperating frames. We therefore analyze two techniques for interframe communication between isolated frames. The first method, fragment identifier messaging, initially provides confidentiality without authentication, which we repair using concepts from a well-known network protocol. The second method, postMessage, initially provides authentication, but we discover an attack that breaches confidentiality. We propose improvements in the postMessage API to provide confidentiality; our proposal has been standardized and adopted in browser implementations.
@article{ fos08,
  author = {Ian Foster and Savas Parastatidis and Paul Watson and Mark McKeown},
  title = {How Do I Model State? Let Me Count the Ways},
  journal = {Communications of the ACM},
  volume = {51},
  number = {9},
  pages = {34-41},
  year = {2008},
  month = {September},
  doi = {10.1145/1378727.1378739},
  uri = {http://cacm.acm.org/magazines/2008/9/5323-how-do-i-model-state/fulltext},
  abstract = {Many Web sites embed third-party content in frames, relying on the browser's security policy to protect against malicious content. However, frames provide insufficient isolation in browsers that let framed content navigate other frames. We evaluate existing frame navigation policies and advocate a stricter policy, which we deploy in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also affects communication between cooperating frames. We therefore analyze two techniques for interframe communication between isolated frames. The first method, fragment identifier messaging, initially provides confidentiality without authentication, which we repair using concepts from a well-known network protocol. The second method, postMessage, initially provides authentication, but we discover an attack that breaches confidentiality. We propose improvements in the postMessage API to provide confidentiality; our proposal has been standardized and adopted in browser implementations.}
}

Downloads: 0