Approaches to JavaScript Security

This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security.

Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an included JavaScript, passing to it only those references to the outside world that it absolutely […]

Security Typing for JavaScript

Devil in the details.

I’d like to repeat an example (given by Mark Miller in his work on E) of two different ways to copy a file, and the security implications of each. First,

shell$ cp foo.txt bar.txt

This command invokes a copy program that will:

recognize foo.txt as a filename. recognize bar.txt as another […]

The Wrapper Conundrum

In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident:

Fat Values. We can extend the native encoding of values to include a pointer to the label attached to that value. In JS, this means […]