| Title | Multiple Facets for Dynamic Information Flow with Exceptions |
| Publication Type | Journal Article |
| Year of Publication | 2017 |
| Authors | Austin, Thomas H., Schmitz, Tommy, Flanagan, Cormac |
| Journal | ACM Trans. Program. Lang. Syst. |
| Volume | 39 |
| Pagination | 10:1–10:56 |
| ISSN | 0164-0925 |
| Keywords | Cross Site Scripting, Cross Site Scripting (XSS), dynamic analysis, Human Behavior, human factor, human factors, Information Flow Control, JavaScript, pubcrawl, resilience, Resiliency, Scalability, web security |
| Abstract | JavaScript is the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. Information flow controls help prevent violations of data confidentiality and integrity. This article explores faceted values, a mechanism for providing information flow security in a dynamic manner that avoids the stuck executions of some prior approaches, such as the no-sensitive-upgrade technique. Faceted values simultaneously simulate multiple executions for different security levels to guarantee termination-insensitive noninterference. We also explore the interaction of faceted values with exceptions, declassification, and clearance. |
| URL | http://doi.acm.org/10.1145/3024086 |
| DOI | 10.1145/3024086 |
| Citation Key | austin_multiple_2017 |
Multiple Facets for Dynamic Information Flow with Exceptions