CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Tracking Information Flow in Dynamic Tree Structures

Alejandro Russo (Institutionen för data- och informationsteknik, Datavetenskap (Chalmers)) ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Datavetenskap (Chalmers)) ; Andrey Chudnov
Lecture Notes in Computer Science: 14th European Symposium on Research in Computer Security, ESORICS 2009; Saint-Malo; France; 21 September 2009 through 23 September 2009 p. 86-103. (2009)
[Konferensbidrag, refereegranskat]

This paper explores the problem of tracking information flow in dynamic tree structures. Motivated by the problem of manipulating the Document Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic nature of interactions via tree structures.We present a runtime enforcement mechanism that monitors this interaction and prevents a range of attacks, some of them missed by previous approaches, that exploit the tree structure in order to transfer sensitive information. We formalize our approach for a simple language with DOM-like tree operations and show that the monitor prevents scripts from disclosing secrets.



Denna post skapades 2009-08-19. Senast ändrad 2016-05-24.
CPL Pubid: 96195

 

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Datavetenskap (Chalmers)

Ämnesområden

Datavetenskap (datalogi)

Chalmers infrastruktur