Fine-Grained Data-Centric Content Protection Policy for Web Applications

The vast amount of sensitive data in modern web applications has become a prime target for cyberattacks. Existing browser security policies disallow the execution of unknown scripts but do not restrict access to sensitiveweb content by "trusted" third-party scripts. Prior works have observed that over-privileged third-party scripts can compromise the confidentiality and integrity of sensitive user data in the applications, which introduces vital security issues to web applications. This paper proposes Content Protection Policy (CPP), a new web security mechanism for providing fine-grained confidentiality and integrity protection for sensitive client-side user data. It enables object-level protection instead of page-level protection by taking a data-centric design approach. A policy specifies the access permission of each script on individual sensitive elements. Any unauthorized access is denied by default to achieve the least privilege in the browser. We implemented a prototype system-DOMinator-to enforce the content protection policies in the browser, and an extension-policy generator-to help web developers write basic policy rules. We thoroughly evaluated it with popular websites and showed that it could effectively protect sensitive web content with a low performance overhead and great usability. CPP complements existing security mechanisms and provides web developers with a more flexible way to protect sensitive data, which can further mitigate the impact of content injection attacks and significantly improve the security of web applications.