Staged information flow for javascript
نویسندگان
چکیده
منابع مشابه
Rewriting-based Dynamic Information Flow for JavaScript
JavaScript web applications often dynamically load third-party code, which in some cases can steal or corrupt important client information. In this paper, we present a rewriting-based approach for enforcing confidentiality and integrity policies that respectively specify what information can flow into and from untrusted thirdparty code. We have implemented our approach in the Chrome browser, an...
متن کاملDynamic Information Flow Labeling in Javascript
Clientside scripting languages such as JavaScript are ubiquitous in modern, internet-connected computing, but pose a definite security risk to those who allow their execution. The widespread inclusion of thirdparty scripts into major websites increases the risks of malicious scripts interfering with the desired behavior of a page, and consequently decreases the level of security available to we...
متن کاملInformation Flow Control in WebKit's JavaScript Bytecode
Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari’s WebKit engine...
متن کاملGULFSTREAM: Staged Static Analysis for Streaming JavaScript Applications
The advent of Web 2.0 has led to the proliferation of client-side code that is typically written in JavaScript. Recently, there has been an upsurge of interest in static analysis of client-side JavaScript for applications such as bug finding and optimization. However, most approaches in static analysis literature assume that the entire program is available to analysis. This, however, is in dire...
متن کاملInformation-flow security for JavaScript and its APIs
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Script inclusion poses a challenge of ensuring that the integrated third-party code respects security and privacy. Th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: ACM SIGPLAN Notices
سال: 2009
ISSN: 0362-1340,1558-1160
DOI: 10.1145/1543135.1542483