On the Integrity of Cross-Origin JavaScripts




Ruohonen Jukka, Salovaara Joonas, Leppänen Ville

Lech Jan Janczewski, Miroslaw Kutylowski

IFIP International Conference on ICT Systems Security and Privacy Protection

2018

IFIP Advances in Information and Communication Technology

ICT Systems Security and Privacy Protection: 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings


529

385

398

978-3-319-99827-5

DOI: https://doi.org/10.1007/978-3-319-99828-2_27

https://link.springer.com/chapter/10.1007/978-3-319-99828-2_27

https://arxiv.org/abs/1809.05628



The cross-origin policy is a fundamental part of the world
wide web. Despite the restrictions imposed by the policy, embedding of
third-party JavaScript code is allowed and commonly used. Nothing is
guaranteed about the integrity of such code. To tackle this deficiency,
solutions such as the subresource integrity standard have been recently
introduced. Given this background, this paper presents the first empirical
study on the temporal integrity of cross-origin JavaScript code. According
to the empirical results based on a ten-day polling period of over 35
thousand scripts collected from popular websites, (i) temporal integrity
changes are relatively common; (ii) the adoption of the subresource integrity
standard is still in its infancy; and (iii) it is possible to statistically
predict whether a temporal integrity change is likely to occur. With these
results and the accompanying discussion, the paper makes an important
contribution to the research on the security and privacy in the Web.



Last updated on 2024-26-11 at 19:09