A4 Article in conference proceedings
On the Integrity of Cross-Origin JavaScripts

List of Authors: Ruohonen Jukka, Salovaara Joonas, Leppänen Ville
Publication year: 2018
Journal: IFIP Advances in Information and Communication Technology
Book title *: ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings
Title of series: IFIP Advances in Information and Communication Technology
Volume number: 529
ISBN: 978-3-319-99827-5


The cross-origin policy is a fundamental part of the world
wide web. Despite the restrictions imposed by the policy, embedding of
third-party JavaScript code is allowed and commonly used. Nothing is
guaranteed about the integrity of such code. To tackle this deficiency,
solutions such as the subresource integrity standard have been recently
introduced. Given this background, this paper presents the first empirical
study on the temporal integrity of cross-origin JavaScript code. According
to the empirical results based on a ten day polling period of over 35
thousand scripts collected from popular websites, (i) temporal integrity
changes are relatively common; (ii) the adoption of the subresource integrity
standard is still in its infancy; and (iii) it is possible to statistically
predict whether a temporal integrity change is likely to occur. With these
results and the accompanying discussion, the paper makes an important
contribution to the research on the security and privacy in the Web.

Last updated on 2019-06-02 at 08:17