An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript

José Fragoso Santos 1 Tamara Rezk 1
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Web application designers and users alike are interested in isolation properties for trusted JavaScript code in order to prevent confi-dential resources from being leaked to untrusted parties. Noninterference provides the mathematical foundation for reasoning precisely about the information flows that take place during the execution of a program. Due to the dynamicity of the language, research on mechanisms for enforcing noninterference in JavaScript has mostly focused on dynamic approaches. We present the first information flow monitor inlining compiler for a re-alistic core of JavaScript. We prove that the proposed compiler enforces termination-insensitive noninterference and we provide an implementa-tion that illustrates its applicability.
Type de document :
Communication dans un congrès
29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakesh, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.278-292, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_23〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01087374
Contributeur : José Fragoso Santos <>
Soumis le : mardi 25 novembre 2014 - 22:20:57
Dernière modification le : jeudi 11 janvier 2018 - 16:23:45
Document(s) archivé(s) le : jeudi 26 février 2015 - 12:35:33

Fichier

instrumentation.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

José Fragoso Santos, Tamara Rezk. An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakesh, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.278-292, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_23〉. 〈hal-01087374〉

Partager

Métriques

Consultations de la notice

263

Téléchargements de fichiers

93