Skip to Main content Skip to Navigation
Conference papers

Hybrid Typing of Secure Information Flow in a JavaScript-like Language

José Fragoso Santos 1 Thomas Jensen 2 Tamara Rezk 1 Alan Schmitt 2
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
2 CELTIQUE - Software certification with semantic analysis
IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL, Inria Rennes – Bretagne Atlantique
Abstract : As JavaScript is highly dynamic by nature, static information flow analyses are often too coarse to deal with the dynamic constructs of the language. To cope with this challenge, we present and prove the soundness of a new hybrid typing analysis for securing information flow in a JavaScript-like language. Our analysis combines static and dynamic typing in order to avoid rejecting programs due to imprecise typing information. Program regions that cannot be precisely typed at static time are wrapped inside an internal boundary statement used by the semantics to interleave the execution of statically verified code with the execution of code that must be dynamically checked.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download
Contributor : Alan Schmitt <>
Submitted on : Monday, December 14, 2015 - 2:40:29 PM
Last modification on : Tuesday, December 8, 2020 - 9:47:20 AM
Long-term archiving on: : Saturday, April 29, 2017 - 1:06:15 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License


  • HAL Id : hal-01243029, version 1


José Fragoso Santos, Thomas Jensen, Tamara Rezk, Alan Schmitt. Hybrid Typing of Secure Information Flow in a JavaScript-like Language. International Symposium on Trustworthy Global Computing, Aug 2015, Madrid, Spain. ⟨hal-01243029⟩



Record views


Files downloads