Aspectizing JavaScript Security
نویسندگان
چکیده
In this position paper we argue that aspects are wellsuited to describe and implement a range of strategies to make secure JavaScript-based applications. To this end, we review major categories of approaches to make client-side applications secure and discuss uses of aspects that exist for some of them. We also propose aspect-based techniques for the categories that have not yet been studied. We give examples of applications where aspects are useful as a general means to flexibly express and implement security policies for JavaScript.
منابع مشابه
Position Paper: The Case for JavaScript Transactions
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Without proper isolation, such content can compromise the security and privacy of these Web applications. Prior techniques for isolating untrusted JavaScript code do so by restricting dangerous constructs and inlining security checks into third-party code. This paper presents a new approach that ex...
متن کاملArchitectures for Inlining Security Monitors in Web Applications
Securing JavaScript in the browser is an open and challenging problem. Code from pervasive third-party JavaScript libraries exacerbates the problem because it is executed with the same privileges as the code that uses the libraries. An additional complication is that the different stakeholders have different interests in the security policies to be enforced in web applications. This paper focus...
متن کاملHybrid Analysis for JavaScript Security Assessment
With the proliferation of Web 2.0 technologies, functionality in web applications is increasingly moving from server-side to client-side code, primarily JavaScript. The dynamic and eventdriven nature of JavaScript code, which is often machine generated or obfuscated, combined with reliance on complex frameworks and asynchronous communication, makes it difficult to perform effective security aud...
متن کاملDynamic Information Flow Labeling in Javascript
Clientside scripting languages such as JavaScript are ubiquitous in modern, internet-connected computing, but pose a definite security risk to those who allow their execution. The widespread inclusion of thirdparty scripts into major websites increases the risks of malicious scripts interfering with the desired behavior of a page, and consequently decreases the level of security available to we...
متن کاملA Security Architecture for Server-Side JavaScript: Extended Abstract
Node.js is a popular JavaScript server-side framework with an efficient runtime for cloud-based eventdriven architectures. Its strength is the presence of thousands of third party libraries which allow developers to quickly build and deploy applications. These very libraries are a source of security threats as a vulnerability in one library can (and in some cases did) compromise one’s entire se...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013