Affiliation:
1. San José State University, San Jose, CA
2. University of California, Santa Cruz, CA
Abstract
JavaScript is the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. Information flow controls help prevent violations of data confidentiality and integrity. This article explores faceted values, a mechanism for providing information flow security in a dynamic manner that avoids the stuck executions of some prior approaches, such as the no-sensitive-upgrade technique. Faceted values simultaneously simulate multiple executions for different security levels to guarantee termination-insensitive noninterference. We also explore the interaction of faceted values with exceptions, declassification, and clearance.
Publisher
Association for Computing Machinery (ACM)
Cited by
10 articles.