Gradual Typing for Information Flow Control in Typescript using ES Lint

Author

Ashish Agarwal

Publication Date

Spring 2024

Degree Type

Master's Project

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

First Advisor

Thomas H. Austin

Second Advisor

Robert K. Chun

Third Advisor

Christopher J. Pollett

Keywords

Information Flow Control, Typescript, Javascript, ESLint, Declassification

Abstract

Current state-of-the-art systems tackle data security threats by incorporating information flow control (IFC) to ensure that a piece of information reaches only its intended recipient. However, most IFC implementations introduce a custom language built on top of a well-known language. Adaptations of such languages are limited due to limited support and updates, along with difficulty in learning new syntaxes. Implementations without a custom language offer incomplete IFC support. We present a comprehensive framework by leveraging Typescript, in conjunction with ESLint and NodeJS, aiming to resolve some of the limitations of IFC and intending to facilitate acceptance by a wide range of developers. Developers are given the choice to mark important pieces of information with security levels, enabling foolproof and robust security. Moreover, developers are offered enhanced flexibility in terms of precise segments of information flow that need to be controlled by offering declassification.

Recommended Citation

Agarwal, Ashish, "Gradual Typing for Information Flow Control in Typescript using ES Lint" (2024). Master's Projects. 1350.
DOI: https://doi.org/10.31979/etd.m77v-d4hy
https://scholarworks.sjsu.edu/etd_projects/1350