Sciweavers

CSFW
2009
IEEE

Tight Enforcement of Information-Release Policies for Dynamic Languages

14 years 7 months ago
Tight Enforcement of Information-Release Policies for Dynamic Languages
This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both terminationsensitive and insensitive security policies.
Aslan Askarov, Andrei Sabelfeld
Added 20 May 2010
Updated 20 May 2010
Type Conference
Year 2009
Where CSFW
Authors Aslan Askarov, Andrei Sabelfeld
Comments (0)