Research report 2013 - Max Planck Institute for Software Systems, Kaiserslautern site

Improving JavaScript security with information flow analysis

Authors
Garg, Deepak
Departments
Department: Foundations of Computer Security / Max-Planck-Institut für Softwaresysteme, Saarbrücken / Max-Planck-Institut für Softwaresysteme, Kaiserslautern
Summary
JavaScript is a programming language interpreted by all major web browsers. Owing to its widespread use, rich interfaces and somewhat lax protections, JavaScript is often exploited for attacks that breach the confidentiality and integrity of sensitive data in the browser, such as passwords, credit card numbers and cookies. We report recent work on protecting JavaScript with information flow analysis, a technique that tracks data as it flows through an executing program. Our implementation is backed by a theoretical model and incurs only moderate performance overhead.

For the full text, see the German version.
