Information-flow security for a core of JavaScript
Paper in proceedings, 2012

Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful enough to naturally encode native constructs as arrays, as well as functionalities of JavaScript's API from the document object model (DOM) related to document tree manipulation and event processing. As the main contribution, we develop a dynamic type system that guarantees information-flow security for this language.

Author

Daniel Hedin

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Proceedings of the Computer Security Foundations Symposium

1063-6900 (ISSN)

3-18

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

Roots

Basic sciences

DOI

10.1109/CSF.2012.19

ISBN

978-076954718-3

More information

Created

10/8/2017