How I Learned to Stop Worrying and Love Plugins

Free registration required

Executive Summary

This position paper argues that browsers should be responsible for specifying and enforcing security policies for browser plugins. By enabling the browser to make security decisions on behalf of the plugin, browsers can significantly reduce the impact of plugin vulnerabilities and eliminate much of the risk posed by today's plugin exploits. The authors propose policies for document access, persistent state, network connections and other devices that browser-based security policy can implement. Web browser plugins have become a ubiquitous tool on the Internet for videos, music, and documents.

  • Format: PDF
  • Size: 105.5 KB