Ensuring the Integrity of Outsourced Web Scripts

Josselin Mignerey, Cyrille Mucchietto, Jean-Baptiste Orfila


Dynamic web browsing, supported by web scripting languages such as JavaScript, has quickly conquered the Internet. In spite of the obvious advantages they offer, they have also opened many security flaws for the user browsing. The browser starts by retrieving some external scripts, potentially distributed over many servers. In terms of security, this process is extremely sensitive, therefore many solutions have been introduced to secure web browsing. Unfortunately, they mostly rely on server side actions. Hence, a malicious server is able to compromise the client by modifying the security policy and the scripts sent. We propose an efficient solution, which does not require any trust in the servers, to ensure the integrity of distributed web scripts. Our protocols rely on simple cryptographic tools, such as digital signature schemes and hash functions. In the end, we provide a proven secure, user-friendly and easy-to-deploy solution which only adds a small latency in the end-user browsing.


Paper Citation