An Information Flow Monitor for a Core of DOM: Introducing references and live primitives

Abstract : We propose and prove sound a novel, purely dynamic, flow-sensitive monitor for securing information flow in an imperative language extended with DOM-like tree operations, that we call Core DOM. In Core DOM, as in the DOM API, tree nodes are treated as first-class values. We take advantage of this feature in order to implement an information flow control mechanism that is finer-grained than previous approaches in the literature. Furthermore, we extend Core DOM with additional constructs to model the behavior of live collections in the DOM Core Level 1 API. We show that this kind of construct effectively augments the observational power of an attacker and we modify the proposed monitor so as to tackle newly introduced forms of information leaks.
Type de document :
Communication dans un congrès
Symposium on Trustworthy Global Computing (TGC), Sep 2014, Rome, Italy
Liste complète des métadonnées

Littérature citée [15 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01087375
Contributeur : José Fragoso Santos <>
Soumis le : mardi 25 novembre 2014 - 22:55:28
Dernière modification le : jeudi 11 janvier 2018 - 16:43:45
Document(s) archivé(s) le : jeudi 26 février 2015 - 12:35:42

Fichier

coreDom.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01087375, version 1

Collections

Citation

Ana Almeida Matos, José Fragoso Santos, Tamara Rezk. An Information Flow Monitor for a Core of DOM: Introducing references and live primitives. Symposium on Trustworthy Global Computing (TGC), Sep 2014, Rome, Italy. 〈hal-01087375〉

Partager

Métriques

Consultations de la notice

132

Téléchargements de fichiers

58