Sciweavers

Free Online Productivity Tools i2Speak i2Symbol i2OCR iTex2Img iWeb2Print iWeb2Shot i2Type iPdf2Split iPdf2Merge i2Bopomofo i2Arabic i2Style i2Image i2PDF iLatex2Rtf Sci2ools

19

CSFW
2012
IEEE

favoriteEmaildiscussreport

249views Security Privacy» more CSFW 2012»

Information-Flow Security for a Core of JavaScript

11 years 7 months ago

Information-Flow Security for a Core of JavaScript

Download www.cse.chalmers.se

—Tracking information ﬂow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript’s API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-ﬂow security for this language.

Daniel Hedin, Andrei Sabelfeld

Real-time Traffic

CSFW 2012 | Document Object Model | Security Privacy | Substantial Headway | Tree Manipulation |

claim paper

Related Content

» Analyzing Information Flow in JavaScriptBased Browser Extensions

» An empirical study of privacyviolating information flows in JavaScript web applications

» Staged information flow for javascript

» The Essence of JavaScript

» Multiple facets for dynamic information flow

» JavaScript instrumentation for browser security

» Dynamic security labels and static information flow control

» Specifying InformationFlow Controls

» Secure Information Flow as Typed Process Behaviour

Post Info
More Details (n/a)

Added	28 Sep 2012
Updated	28 Sep 2012
Type	Journal
Year	2012
Where	CSFW
Authors	Daniel Hedin, Andrei Sabelfeld

Comments (0)