CanvasMirror: Secure integration of third-party libraries in a WebVR environment

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Web technology has evolved to offer 360-degree immersive browsing experiences. This new technology, called WebVR, enables virtual reality by rendering a three-dimensional world on an HTML canvas. Unfortunately, there exists no browser-supported way of sharing this canvas between different parties. As a result, third-party library providers with ill intent (e.g., stealing sensitive information from end-users) can easily distort the entire WebVR site. To mitigate the new threats posed in WebVR, we propose CanvasMirror, which allows publishers to specify the behaviors of third-party libraries and enforce this specification. We show that CanvasMirror effectively separates the third-party context from the host origin by leveraging the privilege separation technique and safely integrates VR contents on a shared canvas.

Original languageEnglish
Title of host publicationProceedings - 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Subtitle of host publicationSupplemental Volume, DSN-S 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages75-76
Number of pages2
ISBN (Electronic)9781728172606
DOIs
StatePublished - Jun 2020
Event50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks: Supplemental Volume, DSN-S 2020 - Valencia, Spain
Duration: 29 Jun 20202 Jul 2020

Publication series

NameProceedings - 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks: Supplemental Volume, DSN-S 2020

Conference

Conference50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks: Supplemental Volume, DSN-S 2020
Country/TerritorySpain
CityValencia
Period29/06/202/07/20

Keywords

  • Third-party sandboxing
  • Web security
  • WebVR

Fingerprint

Dive into the research topics of 'CanvasMirror: Secure integration of third-party libraries in a WebVR environment'. Together they form a unique fingerprint.

Cite this