Publication Date

Spring 5-26-2015

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Chris Pollett

Third Advisor

Tran Thanh

Abstract

JavaScript is most commonly used as a part of web browsers, especially client- side scripts interacting with the user. JavaScript is also the source of many security problems, which includes cross-site scripting attacks. The primary challenge is that code from untrusted sources run with full privileges on the client side, thus lead- ing to security breaches. This paper develops information flow controls with proper exception handling to prevent violations of data confidentiality and integrity.

Faceted values are a mechanism to handle dynamic information flow security in a way that overcomes the limitations caused by dynamic execution, but previous work has not shown how to properly handle exceptions with faceted values. Sometimes there might be problems where high-security information can be inferred from a pro- gram's control flow, or sometime the execution might crash while transferring this high-security information when there is an exception raised. Usage of faceted values is an experimental approach as an alternative to multi-process execution. This paper provides more detail on providing exception support to multi-faceted execution.

Share

COinS