Safe Wrappers and Sane Policies for Self Protecting JavaScript
Paper in proceedings, 2010

Phung et al (ASIACCS’09) describe a method for wrapping built-in functions of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies – i.e. policies upon which attacker code has no side effects.

Author

Jonas Magazinius

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

Phu Phung

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 7127 239-255

Areas of Advance

Information and Communication Technology

Subject Categories

Software Engineering

Computer Science

DOI

10.1007/978-3-642-27937-9_17

ISBN

978-364227936-2

More information

Created

10/6/2017