• DocumentCode
    2947536
  • Title

    Information-Flow Security for a Core of JavaScript

  • Author

    Hedin, Dan ; Sabelfeld, Andrei

  • Author_Institution
    Chalmers Univ. of Technol., Gothenburg, Sweden
  • fYear
    2012
  • fDate
    25-27 June 2012
  • Firstpage
    3
  • Lastpage
    18
  • Abstract
    Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript's API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-flow security for this language.
  • Keywords
    Java; application program interfaces; security of data; DOM; JavaScript API; JavaScript core; document object model; document tree manipulation; dynamic code evaluation; dynamic languages; event processing; higher-order functions; information-flow security; native constructs; Context; Mashups; Security; Semantics; Sensitivity; Standards; Syntactics; information-flow security; language based security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2012 IEEE 25th
  • Conference_Location
    Cambridge, MA
  • ISSN
    1940-1434
  • Print_ISBN
    978-1-4673-1918-8
  • Electronic_ISBN
    1940-1434
  • Type

    conf

  • DOI
    10.1109/CSF.2012.19
  • Filename
    6266148