Typically, web authors simply load whatever library they’d like to use with full trust. In JS, such loading amounts essentially to a #include. I’m flabbergasted that this practice remains normal. It could be paranoia, but even without invoking all the security concerns, I’d be reluctant to include other people’s code simply because of the potential […]
In my last post on Information Flow, I noticed that some flows are more informative than others. I used a switch statement for my illustrative example of that observation. But, from my experience as a software developer, I have a small aversion to switch statements. Usually, when I feel compelled to use one, it’s because […]
When I was writing my last post about information flow terminology, I noticed something interesting: when knowledge of control flow is used to determine the values of variables, some branches yield more information than others. Previously, I had only considered the binary if-then-else branch. Today, I shall examine a switch-case statement, which exhibits asymmetric information flow.
[…]
Information flow is about tracking the flows of information within a computer program, i.e. what values influence other values as the program executes. Denning and Denning looked at this problem in the late 1970’s [1, 2] and distinguished between flows that occur due to a data dependence (such as assignment) and flows which occur due […]
I got into a mild argument about static vs. dynamic typing. I recognize that static typing can be verbose to the point of being repetitious. Take Java generics for example:
List<String> astr = new ArrayList<String>();
There really isn’t a great reason why the compiler can’t infer the type of […]
I’ve noticed in my work recently that documenting my work is one of the most reliable ways of making steady progress. I likely gathered the idea from the internet somewhere, or perhaps from the generous amounts of advice spewed forth from my postdoc. But I do remember, when I was looking up some stuff surrounding […]
Augmenting the Capability Model with Information Flows
I’ve already convinced myself that labels are best implemented as tags on primitive values and references. In JavaScript, it is sometimes useful to view an object as a heterogeneous hash table, mapping field names to data. Having to provide a label for the object itself, rather than a […]
This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security.
Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an included javascript, passing to it only those references to the outside world that it absolutely […]
Devil in the details.
I’d like to repeat an example (given by Mark Miller in his work on E) of two different ways to copy a file, and the security implications of each. First,
shell$ cp foo.txt bar.txt
This command invokes a copy program that will:
recognize foo.txt as a filename. recognize bar.txt as another […]
In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident:
Fat Values. We can extend the native encoding of values to include a pointer to the label attached to that value. In JS, this means […]