Introducing Faceted Exception Handling for Dynamic Information Flow

Author

Sri Tej Narala, San Jose State University

Publication Date

Spring 2015

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Chris Pollett

Third Advisor

Tran Thanh

Keywords

javascript faceted exceptions

Abstract

JavaScript is most commonly used as a part of web browsers, especially client- side scripts interacting with the user. JavaScript is also the source of many security problems, which includes cross-site scripting attacks. The primary challenge is that code from untrusted sources run with full privileges on the client side, thus lead- ing to security breaches. This paper develops information flow controls with proper exception handling to prevent violations of data confidentiality and integrity.

Faceted values are a mechanism to handle dynamic information flow security in a way that overcomes the limitations caused by dynamic execution, but previous work has not shown how to properly handle exceptions with faceted values. Sometimes there might be problems where high-security information can be inferred from a pro- gram's control flow, or sometime the execution might crash while transferring this high-security information when there is an exception raised. Usage of faceted values is an experimental approach as an alternative to multi-process execution. This paper provides more detail on providing exception support to multi-faceted execution.

Recommended Citation

Narala, Sri Tej, "Introducing Faceted Exception Handling for Dynamic Information Flow" (2015). Master's Projects. 406.
DOI: https://doi.org/10.31979/etd.dc4n-r6g8
https://scholarworks.sjsu.edu/etd_projects/406