CPL - Chalmers Publication Library

Lightweight Approach to Enforcing Security Policies for JavaScript

Phu H. Phung (Department of Computer Science and Engineering, Software Engineering (Chalmers))
IEEE Symposium on Security and Privacy 2010 Posters (2010)
[Conference contribution, poster]

We present a method to intercept JavaScript built-in functions with security policies in order to control the behavior of security-relevant events in a web page so that unintended behavior can be prevented. The method is lightweight in the sense that it does not require browser modification, original code transformation, or language restriction (or extension). We also address possible vulnerabilities in the enforcement mechanism, and provide a systematic way to avoid the identified vulnerabilities, including general issues such as object and function subversion, and library-specific problems. The issue of untyped arguments in JavaScript is solved by declarative type checking that implements the call-by-primitive-value idea to avoid possible side effects from attacker code. Enforceable security policies for JavaScript that can ensure the safety of the defined policies are also discussed.




This record was created 2010-11-08. Last modified 2010-12-15.
CPL Pubid: 128765

 



Departments (Chalmers)

Department of Computer Science and Engineering, Software Engineering (Chalmers) (2008-2010)

Subject areas

Information and communication technology
Computer science
Software engineering
