%0 Conference Proceedings
%T An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript
%+ Secure Diffuse Programming (INDES)
%A Fragoso Santos, José
%A Rezk, Tamara
%Z Part 6: Information Flow Control
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 29th IFIP International Information Security Conference (SEC)
%C Marrakesh, Morocco
%I Springer
%3 ICT Systems Security and Privacy Protection
%V AICT-428
%P 278-292
%8 2014-06-02
%D 2014
%R 10.1007/978-3-642-55415-5_23
%Z Computer Science [cs]/Symbolic Computation [cs.SC]
%Z Computer Science [cs]/Programming Languages [cs.PL]
%Z Computer Science [cs]/Formal Languages and Automata Theory [cs.FL]
%Z Computer Science [cs]/WebConference papers
%X Web application designers and users alike are interested in isolation properties for trusted JavaScript code in order to prevent confi-dential resources from being leaked to untrusted parties. Noninterference provides the mathematical foundation for reasoning precisely about the information flows that take place during the execution of a program. Due to the dynamicity of the language, research on mechanisms for enforcing noninterference in JavaScript has mostly focused on dynamic approaches. We present the first information flow monitor inlining compiler for a re-alistic core of JavaScript. We prove that the proposed compiler enforces termination-insensitive noninterference and we provide an implementa-tion that illustrates its applicability.
%G English
%Z TC 11
%2 https://inria.hal.science/hal-01087374/document
%2 https://inria.hal.science/hal-01087374/file/instrumentation.pdf
%L hal-01087374
%U https://inria.hal.science/hal-01087374
%~ INRIA
%~ INRIA-SOPHIA
%~ INRIASO
%~ INRIA_TEST
%~ TESTALAIN1
%~ IFIP
%~ IFIP-AICT
%~ INRIA2
%~ IFIP-TC
%~ IFIP-AICT-428
%~ IFIP-TC11
%~ IFIP-SEC
%~ IFIP-2010
%~ INRIA_WEB