Information-Flow Security for a Core of JavaScript

11 years 5 months ago
Information-Flow Security for a Core of JavaScript
—Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript’s API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-flow security for this language.
Daniel Hedin, Andrei Sabelfeld
Added 28 Sep 2012
Updated 28 Sep 2012
Type Journal
Year 2012
Where CSFW
Authors Daniel Hedin, Andrei Sabelfeld
Comments (0)