CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control

Heule Stefan ; Deian Stefan ; Edward Z. Yang ; Alejandro Russo (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; John C. Mitchell
Proceedings of the 4th Conference on Principles of Security and Trust (POST 2015) (2015)
[Konferensbidrag, refereegranskat]

Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control (IFC). Unfortunately existing fine-grained approaches to JavaScript IFC require modifications to the language semantics and its engine, a non-goal for browser applications. In this work, we take the ideas of coarse-grained dynamic IFC and provide the theoretical foundation for a language-based approach that can be applied to any programming language for which external effects can be controlled. We then apply this formalism to server and client-side JavaScript, show how it generalizes to the C programming language, and connect it to the Haskell LIO system. Our methodology offers design principles for the construction of information flow control systems when isolation can easily be achieved, as well as compositional proofs for optimized concrete implementations of these systems, by relating them to their isolated variants.

Nyckelord: Non-interference, security, JavaScript



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2015-01-30. Senast ändrad 2016-05-11.
CPL Pubid: 211837

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)