Title :
Secure Behavior of Web Browsers to Prevent Information Leakages
Author :
Tateishi, Takaaki ; Tabuchi, Naoshi
Author_Institution :
IBM Res., Tokyo
Abstract :
Recently Web browsers are widely used as client-side application platforms beyond the traditional use of Web browsers. One of main reasons for such evolution of the browsers is the client-side JavaScript language that can execute programs embedded in a document. However, Web applications with client-side JavaScript programs have problems of leaking private information (such as cookie information) due to interactions between the browser and scripts embedded in the document. We propose a new calculus representing browser behavior that prevents information from leakage by means of language-based information flow. The proposed calculus can deal with script rewriting and higher-order functions. In addition, our calculus has a noninterference property depending on a security policy statically given by the user.
Keywords :
Java; online front-ends; security of data; Web browsers; client-side JavaScript language; client-side application platforms; higher-order functions; information leakages; language-based information flow; private information; script rewriting; secure behavior; Application software; Calculus; Data security; Information security; Java; Laboratories; Leak detection; Software engineering; Uniform resource locators; Web server;
Conference_Titel :
Software Engineering Conference, 2007. APSEC 2007. 14th Asia-Pacific
Conference_Location :
Aichi
Print_ISBN :
0-7695-3057-5
DOI :
10.1109/ASPEC.2007.50
