Blogs (9) >>
SPLASH 2016
Sun 30 October - Fri 4 November 2016 Amsterdam, Netherlands
Sun 30 Oct 2016 14:00 - 14:30 at Matterhorn 3 - Security & Capability-based Designs Chair(s): Shigeru Chiba

Security controls such as taint analysis and information flow analysis can be powerful tools to protect against many common attacks. However, incorporating these controls into a language such as JavaScript is challenging. Native implementations require the support of all JavaScript VMs. Code rewriting requires developers to reason about the entire abstract syntax of JavaScript.

In this paper, we demonstrate how virtual values may be used to more easily integrate these security controls. Virtual values provide hooks to alter the behavior of primitive operations, allowing programmers to create the desired security controls in a more declarative fashion, facilitating more rapid prototyping.

We demonstrate how virtual values may be encoded in JavaScript using a combination of JavaScript object proxies and the Sweet.js macro library, and use that implementation to build taint and information flow controls into JavaScript. Finally, we show some benchmark results to demonstrate the overhead of this approach.

Paper (meta16-final1.pdf)181KiB

Sun 30 Oct

meta2016
13:30 - 15:10: Meta 2016 - Security & Capability-based Designs at Matterhorn 3
Chair(s): Shigeru ChibaUniversity of Tokyo
meta2016147783060000013:30 - 14:00
Talk
Angel Luis Scull PupoSofware Languages Lab, Vrije Universiteit Brussel, Jens NicolayVrije Universiteit Brussel, Belgium, Elisa Gonzalez BoixVrije Universiteit Brussel
Media Attached File Attached
meta2016147783240000014:00 - 14:30
Talk
Prakasam KannanSan Jose State University, Thomas H. Austin, Mark StampSan Jose State University, Tim Disney, Cormac FlanaganUniversity of California, Santa Cruz
Media Attached File Attached
meta2016147783420000014:30 - 15:00
Talk
Esther WangCarnegie Mellon University, Jonathan AldrichCarnegie Mellon University
Media Attached File Attached