Checking Cryptographic API Usage with Composable Annotations (Short Paper)
| Title | Checking Cryptographic API Usage with Composable Annotations (Short Paper) |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Mitchell, Duncan, van Binsbergen, L. Thomas, Loring, Blake, Kinder, Johannes |
| Conference Name | Proceedings of the ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5587-2 |
| Keywords | composability, compositionality, Computing Theory, JavaScript, pubcrawl, type systems |
| Abstract | Developers of applications relying on cryptographic libraries can easily make mistakes in their use. Popular dynamic languages such as JavaScript make testing or verifying such applications particularly challenging. In this paper, we present our ongoing work toward a methodology for automatically checking security properties in JavaScript code. Our main idea is to attach security annotations to values that encode properties of interest. We illustrate our idea using examples and, as an initial step in our line of work, we present a formalization of security annotations in a statically typed lambda calculus. As next steps, we will translate our annotations to a dynamically typed formalization of JavaScript such as $lambda$JS and implement a runtime checked type extension using code instrumentation for full JavaScript. |
| URL | https://dl.acm.org/citation.cfm?doid=3162071 |
| DOI | 10.1145/3162071 |
| Citation Key | mitchell_checking_2018 |