CPL - Chalmers Publication Library

Information-Flow Tracking for Dynamic Languages

Luciano Bello (Department of Computer Science and Engineering (Chalmers))
Göteborg: Chalmers University of Technology, 2013. 106 pp.

This thesis explores information-flow tracking technologies and their applicability to industrial-scale dynamic programming languages. We aim to narrow the gap between the need for flexibility in current dynamic languages and the solid, well-studied mechanisms from academia. Instead of translating perfectly sound theoretical results into a practical implementation, this thesis focuses on practical problems found in dynamic languages and, starting from them, looks for the academic support to tackle them. We investigate the compromise between security and flexibility for protecting confidentiality and integrity. Furthermore, using purely dynamic techniques, we implement our ideas to demonstrate their practicability. On the integrity protection side, a taint mode for Python has been implemented. Thanks to the flexibility of this language, the implementation is shipped as a library, allowing it to be used in Cloud Computing environments. On the confidentiality side, two works are presented which differ in their security property. On the one hand, a dynamic dependency analysis is suggested as an alternative to flow-sensitive monitors. By relaxing the ambition of blocking every possible leak, we improve permissiveness, even for programming languages that support dynamic evaluation (such as the eval construct). On the other hand, a full JavaScript monitor was developed to enforce non-interference in the complex scenario of the web. This implementation allows us to explore the scalability boundaries of dynamic information-flow enforcement.

Keywords: information security, information flow, dependency analysis, information integrity, information confidentiality, privacy


This record was created 2013-09-12. Last modified 2016-03-04.
CPL Pubid: 183232


Departments (Chalmers)

Department of Computer Science and Engineering (Chalmers)


Information and Communication Technology

Chalmers infrastructure

Related publications

Included papers:

Towards a Taint Mode for Cloud Computing Web Application


Date: 2013-10-09
Time: 10:00
Venue: EB, ED&IT building, Rännvägen 6B, Chalmers University of Technology
Opponent: Dr. Marco Pistoia, IBM Research Center, Yorktown Heights, NY, USA.

Part of series

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University 104L