CanvasMirror: Secure Integration of Third-Party Libraries in a WebVR Environment
| Title | CanvasMirror: Secure Integration of Third-Party Libraries in a WebVR Environment |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Lee, J. |
| Conference Name | 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) |
| Date Published | June 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-7260-6 |
| Keywords | 360-degree immersive browsing experiences, Browsers, CanvasMirror, composability, cyber physical systems, HTML canvas, Human Behavior, human factors, hypermedia markup languages, immersive systems, Internet, Libraries, Load modeling, Loading, online front-ends, privacy, pubcrawl, rendering (computer graphics), resilience, secure integration, security, sensitive information, shared canvas, third-party context, third-party library providers, third-party sandboxing, Three-dimensional displays, three-dimensional world, virtual reality, web security, Web technology, WebVR, WebVR environment, WebVR site |
| Abstract | Web technology has evolved to offer 360-degree immersive browsing experiences. This new technology, called WebVR, enables virtual reality by rendering a three-dimensional world on an HTML canvas. Unfortunately, there exists no browser-supported way of sharing this canvas between different parties. As a result, third-party library providers with ill intent (e.g., stealing sensitive information from end-users) can easily distort the entire WebVR site. To mitigate the new threats posed in WebVR, we propose CanvasMirror, which allows publishers to specify the behaviors of third-party libraries and enforce this specification. We show that CanvasMirror effectively separates the third-party context from the host origin by leveraging the privilege separation technique and safely integrates VR contents on a shared canvas. |
| URL | https://ieeexplore.ieee.org/document/9159137 |
| DOI | 10.1109/DSN-S50200.2020.00040 |
| Citation Key | lee_canvasmirror_2020 |
- Three-dimensional displays
- resilience
- secure integration
- security
- sensitive information
- shared canvas
- third-party context
- third-party library providers
- third-party sandboxing
- rendering (computer graphics)
- three-dimensional world
- virtual reality
- web security
- Web technology
- WebVR
- WebVR environment
- WebVR site
- hypermedia markup languages
- 360-degree immersive browsing experiences
- Browsers
- CanvasMirror
- composability
- cyber physical systems
- HTML canvas
- Human behavior
- Human Factors
- immersive systems
- internet
- Libraries
- Load modeling
- Loading
- online front-ends
- privacy
- pubcrawl