DocumentCode :
2947536
Title :
Information-Flow Security for a Core of JavaScript
Author :
Hedin, Dan ; Sabelfeld, Andrei
Author_Institution :
Chalmers Univ. of Technol., Gothenburg, Sweden
fYear :
2012
fDate :
25-27 June 2012
Firstpage :
3
Lastpage :
18
Abstract :
Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of Java Script: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of Java Script´s API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-flow security for this language.
Keywords :
Java; application program interfaces; security of data; DOM; JavaScript API; JavaScript core; document object model; document tree manipulation; dynamic code evaluation; dynamic languages; event processing; higher-order functions; information-flow security; native constructs; Context; Mashups; Security; Semantics; Sensitivity; Standards; Syntactics; information-flow security; language based security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2012 IEEE 25th
Conference_Location :
Cambridge, MA
ISSN :
1940-1434
Print_ISBN :
978-1-4673-1918-8
Electronic_ISBN :
1940-1434
Type :
conf
DOI :
10.1109/CSF.2012.19
Filename :
6266148
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2947536
بازگشت