CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

App security with JSFlow

Daniel Hedin (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft 2016; Austin; United States; 16 May 2016 through 17 May 2016 p. 289-290. (2016)
[Konferensbidrag, refereegranskat]

This abstract accompanies a demo of app security using JSFlow [7]. The interested reader is encouraged to try the JSFlow tool [8] and get a full account of the theory and practice behind JSFlow, as detailed in a journal article [9]. The web has transitioned from simple, static pages to full edged applications. When loading a web application, content and scripts may be downloaded from various sources: the 1st party (the application provider), 3rd parties (e.g., library or service providers), as well other users (indirectly, via user generated content). The situation, where either of these sources is untrustworthy or malicious, may lead to attacker controlled code being executed on users' machines. This is particularly problematic, since attacker controlled code allows for complete circumvention of traditional protection mechanisms, and puts the users in the situation, where they cannot trust applications with sensitive information without endangering the con dentiality of the information.



Denna post skapades 2016-12-19. Senast ändrad 2017-05-15.
CPL Pubid: 246293

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)

Ämnesområden

Datorteknik

Chalmers infrastruktur