An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript

José Fragoso Santos 1 Tamara Rezk 1
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Web application designers and users alike are interested in isolation properties for trusted JavaScript code in order to prevent confi-dential resources from being leaked to untrusted parties. Noninterference provides the mathematical foundation for reasoning precisely about the information flows that take place during the execution of a program. Due to the dynamicity of the language, research on mechanisms for enforcing noninterference in JavaScript has mostly focused on dynamic approaches. We present the first information flow monitor inlining compiler for a re-alistic core of JavaScript. We prove that the proposed compiler enforces termination-insensitive noninterference and we provide an implementa-tion that illustrates its applicability.
Complete list of metadatas

Cited literature [11 references]  Display  Hide  Download

https://hal.inria.fr/hal-01087374
Contributor : José Fragoso Santos <>
Submitted on : Tuesday, November 25, 2014 - 10:20:57 PM
Last modification on : Thursday, January 11, 2018 - 4:23:45 PM
Long-term archiving on : Thursday, February 26, 2015 - 12:35:33 PM

File

instrumentation.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

José Fragoso Santos, Tamara Rezk. An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakesh, Morocco. pp.278-292, ⟨10.1007/978-3-642-55415-5_23⟩. ⟨hal-01087374⟩

Share

Metrics

Record views

431

Files downloads

180