CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Tight Enforcement of Information-Release Policies for Dynamic Languages

Aslan Askarov ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009; Port Jefferson, NY; United States; 8 July 2009 through 10 July 2009 (19401434). p. 43-59. (2009)
[Konferensbidrag, refereegranskat]

This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies.


Article number 5230486



Denna post skapades 2009-12-11. Senast ändrad 2016-06-23.
CPL Pubid: 103421

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers) (2008-2010)

Ämnesområden

Information Technology

Chalmers infrastruktur