Information-flow security for a core of JavaScript
Paper in proceeding, 2012
Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript's API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-flow security for this language.
Author
Daniel Hedin
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Andrei Sabelfeld
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Proceedings. The Computer Security Foundations Workshop III
1063-6900 (ISSN)
3-18978-076954718-3 (ISBN)
Areas of Advance
Information and Communication Technology
Subject Categories
Computer and Information Science
Roots
Basic sciences
DOI
10.1109/CSF.2012.19
ISBN
978-076954718-3