Hybrid Typing of Secure Information Flow in a JavaScript-like Language

José Fragoso Santos 1 Thomas Jensen 2 Tamara Rezk 1 Alan Schmitt 2
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
2 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : As JavaScript is highly dynamic by nature, static information flow analyses are often too coarse to deal with the dynamic constructs of the language. To cope with this challenge, we present and prove the soundness of a new hybrid typing analysis for securing information flow in a JavaScript-like language. Our analysis combines static and dynamic typing in order to avoid rejecting programs due to imprecise typing information. Program regions that cannot be precisely typed at static time are wrapped inside an internal boundary statement used by the semantics to interleave the execution of statically verified code with the execution of code that must be dynamically checked.
Type de document :
Communication dans un congrès
International Symposium on Trustworthy Global Computing, Aug 2015, Madrid, Spain. Proceedings of the 10th International Symposium on Trustworthy Global Computing (TGC 2015)
Liste complète des métadonnées


https://hal.archives-ouvertes.fr/hal-01243029
Contributeur : Alan Schmitt <>
Soumis le : lundi 14 décembre 2015 - 14:40:29
Dernière modification le : mercredi 12 juillet 2017 - 01:14:16
Document(s) archivé(s) le : samedi 29 avril 2017 - 13:06:15

Fichier

paper_7.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

  • HAL Id : hal-01243029, version 1

Citation

José Fragoso Santos, Thomas Jensen, Tamara Rezk, Alan Schmitt. Hybrid Typing of Secure Information Flow in a JavaScript-like Language. International Symposium on Trustworthy Global Computing, Aug 2015, Madrid, Spain. Proceedings of the 10th International Symposium on Trustworthy Global Computing (TGC 2015). <hal-01243029>

Partager

Métriques

Consultations de
la notice

733

Téléchargements du document

81