Hybrid Typing of Secure Information Flow in a JavaScript-like Language

José Fragoso Santos 1 Thomas Jensen 2 Tamara Rezk 1 Alan Schmitt 2
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
2 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : As JavaScript is highly dynamic by nature, static information flow analyses are often too coarse to deal with the dynamic constructs of the language. To cope with this challenge, we present and prove the soundness of a new hybrid typing analysis for securing information flow in a JavaScript-like language. Our analysis combines static and dynamic typing in order to avoid rejecting programs due to imprecise typing information. Program regions that cannot be precisely typed at static time are wrapped inside an internal boundary statement used by the semantics to interleave the execution of statically verified code with the execution of code that must be dynamically checked.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [19 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01243029
Contributor : Alan Schmitt <>
Submitted on : Monday, December 14, 2015 - 2:40:29 PM
Last modification on : Wednesday, February 20, 2019 - 2:32:03 PM
Document(s) archivé(s) le : Saturday, April 29, 2017 - 1:06:15 PM

File

paper_7.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

  • HAL Id : hal-01243029, version 1

Citation

José Fragoso Santos, Thomas Jensen, Tamara Rezk, Alan Schmitt. Hybrid Typing of Secure Information Flow in a JavaScript-like Language. International Symposium on Trustworthy Global Computing, Aug 2015, Madrid, Spain. ⟨hal-01243029⟩

Share

Metrics

Record views

2561

Files downloads

166