Explore a 27-minute conference talk that delves into a novel approach for protecting web users' privacy through JavaScript code monitoring based on code origin. Learn about the Temporal: Code-Origin Policy, which enhances the conventional same-origin policy standard and empowers users to customize their protection. Discover how this method addresses the ongoing issue of online privacy by providing formal assurance mechanisms for web applications. Gain insights into the policy certification process during development and runtime verification for enforcement. The talk covers the history of web security, current limitations, and the speaker's long-term vision for implementing this innovative privacy protection strategy.
Temporal - Code-Origin Policy - Towards a Formal User Privacy Protection for the Web
Overview
Syllabus
Introduction
History of the Web
Formation of the Web
Browser Security
Limitations
What we worry about
Current approaches
Approach
CodeOrigin Policy
Prototype Implementation
Policy Enforcement
Formal Insurance
Related work
Long term vision
Challenges
Taught by
OWASP Foundation
