Hybrid Typing of Secure Information Flow in a JavaScript-Like Language

Venue

Trustworthy Global Computing - 10^thh International Symposium, TGC 2015, Madrid, Spain, August 31 - September 1, 2015 Revised Selected Papers, pp. 63–78

Publication Year

2015

Identifiers

DOI: doi:10.1007/978-3-319-28766-9_5

Authors

José Fragoso Santos
Thomas Jensen
Tamara Rezk
Alan Schmitt

Abstract

As JavaScript is highly dynamic by nature, static information flow analyses are often too coarse to deal with the dynamic constructs of the language. To cope with this challenge, we present and prove the soundness of a new hybrid typing analysis for securing information flow in a JavaScript-like language. Our analysis combines static and dynamic typing in order to avoid rejecting programs due to imprecise typing information. Program regions that cannot be precisely typed at static time are wrapped inside an internal boundary statement used by the semantics to interleave the execution of statically verified code with the execution of code that must be dynamically checked.

Source Materials

Authors' Preprint/Accepted Version
Published Edition
BibTeX Citation