Policy-agnostic programming on the client-side

Author

Kushal Palesha, San Jose State University

Publication Date

Spring 2017

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Thomas Austin

Second Advisor

Chris Pollett

Third Advisor

Jenny Lam

Keywords

Policy Agnostic Programming, Faceted Values, Information Flow Security

Abstract

Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.

A lot of research has been done in the field of information flow security that could prove to be helpful in solving the problem of securing the client-side. Policy- agnostic programming is a programming paradigm that aims to make implementation of information flow security in real world systems more flexible. In this paper, we explore the use of policy-agnostic programming on the client-side and how it will help prevent common client-side attacks. We verify our results through a client-side salary management application. We show a possible attack and how our solution would prevent such an attack.

Recommended Citation

Palesha, Kushal, "Policy-agnostic programming on the client-side" (2017). Master's Projects. 518.
DOI: https://doi.org/10.31979/etd.a3ax-ktzr
https://scholarworks.sjsu.edu/etd_projects/518