Information-Flow Security for a Core of JavaScript

12 years 1 months ago

Download www.cse.chalmers.se

—Tracking information ﬂow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript’s API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-ﬂow security for this language.

Daniel Hedin, Andrei Sabelfeld

Real-time Traffic

CSFW 2012 | Document Object Model | Security Privacy | Substantial Headway | Tree Manipulation |

claim paper

Post Info
More Details (n/a)

Added	28 Sep 2012
Updated	28 Sep 2012
Type	Journal
Year	2012
Where	CSFW
Authors	Daniel Hedin, Andrei Sabelfeld

Comments (0)

Sciweavers

Information-Flow Security for a Core of JavaScript

CSFW 2012 | Document Object Model | Security Privacy | Substantial Headway | Tree Manipulation |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers