Publication Date
Spring 2017
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Thomas Austin
Second Advisor
Chris Pollett
Third Advisor
Jenny Lam
Keywords
Policy Agnostic Programming, Faceted Values, Information Flow Security
Abstract
Browser security has become a major concern, especially as web pages become more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks, but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security in the browser.
A lot of research has been done in the field of information flow security that could prove helpful in solving the problem of securing the client side. Policy-agnostic programming is a programming paradigm that aims to make implementation of information flow security in real-world systems more flexible. In this paper, we explore the use of policy-agnostic programming on the client side and how it will help prevent common client-side attacks. We verify our results through a client-side salary management application. We show a possible attack and how our solution would prevent such an attack.
Recommended Citation
Palesha, Kushal, "Policy-agnostic programming on the client-side" (2017). Master's Projects. 518.
DOI: https://doi.org/10.31979/etd.a3ax-ktzr
https://scholarworks.sjsu.edu/etd_projects/518