Tight Enforcement of Information-Release Policies for Dynamic Languages

14 years 6 months ago

Download www.cs.cornell.edu

This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-ﬂy static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both terminationsensitive and insensitive security policies.

Aslan Askarov, Andrei Sabelfeld

Real-time Traffic

CSFW 2009 | Dynamic Code Evaluation | Insensitive Security Policies | Intuitive Framework | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	20 May 2010
Updated	20 May 2010
Type	Conference
Year	2009
Where	CSFW
Authors	Aslan Askarov, Andrei Sabelfeld

Comments (0)

Sciweavers

Tight Enforcement of Information-Release Policies for Dynamic Languages

CSFW 2009 | Dynamic Code Evaluation | Insensitive Security Policies | Intuitive Framework | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers