Blogs (9) >>
SPLASH 2016
Sun 30 October - Fri 4 November 2016 Amsterdam, Netherlands
SPLASH 2016 (series) / META 2016 (series) / Workshop on Meta-Programming Techniques and Reflection /

Declaratively Specifying Security Policies For Web Applications

Angel Luis Scull Pupo, Jens Nicolay, Elisa Gonzalez Boix
META 2016

Display in different time zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Apply
Close
Sun 30 Oct 2016 13:30 - 14:00 at Matterhorn 3 - Security & Capability-based Designs Chair(s): Shigeru Chiba

The complex architecture of browser technologies and dynamic characteristics of JavaScript make it difficult to ensure security in client-side web applications. Browser-level policies alone, such as Content Security Policy and Same-Origin Policy, are not sufficient because they are implemented inconsistently across browsers and can be bypassed. At the application level, however, there exists no specification language for expressing a wide range of security policies in a composable and reusable manner. In this paper we develop a declarative language for encoding an combining security policies in the context of JavaScript web applications. We explore JavaScript’s reflection capabilities to enforce these security policies dynamically. We validate our work by expressing common security policies encountered in the literature.

Paper (meta16-final6.pdf)208KiB
small-avatar
Angel Luis Scull Pupo
Sofware Languages Lab, Vrije Universiteit Brussel
Jens Nicolay
Jens Nicolay
Vrije Universiteit Brussel, Belgium
Belgium
Elisa Gonzalez Boix
Elisa Gonzalez Boix
Vrije Universiteit Brussel
Belgium

Display in different time zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Apply
Close

Sun 30 Oct
Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

meta2016
13:30 - 15:10: Meta 2016 - Security & Capability-based Designs at Matterhorn 3
Chair(s): Shigeru ChibaUniversity of Tokyo
meta201613:30 - 14:00
Talk
Angel Luis Scull PupoSofware Languages Lab, Vrije Universiteit Brussel, Jens NicolayVrije Universiteit Brussel, Belgium, Elisa Gonzalez BoixVrije Universiteit Brussel
Media Attached File Attached
meta201614:00 - 14:30
Talk
Prakasam KannanSan Jose State University, Thomas H. Austin, Mark StampSan Jose State University, Tim Disney, Cormac FlanaganUniversity of California, Santa Cruz
Media Attached File Attached
meta201614:30 - 15:00
Talk
Esther WangCarnegie Mellon University, Jonathan AldrichCarnegie Mellon University
Media Attached File Attached