Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

2016

Series

Faculty Publications, Computer Science

Articles 1 - 1 of 1

Full-Text Articles in Information Security

Virtual Values For Taint And Information Flow Analysis, Prakasam Kannan, Thomas Austin, Mark Stamp, Tim Disney, Cormac Flanagan Oct 2016

Virtual Values For Taint And Information Flow Analysis, Prakasam Kannan, Thomas Austin, Mark Stamp, Tim Disney, Cormac Flanagan

Faculty Publications, Computer Science

Security controls such as taint analysis and information flow analysis can be powerful tools to protect against many common attacks. However, incorporating these controls into a language such as JavaScript is challenging. Native implementations require the support of all JavaScript VMs. Code rewriting requires developers to reason about the entire abstract syntax of JavaScript. In this paper, we demonstrate how virtual values may be used to more easily integrate these security controls. Virtual values provide hooks to alter the behavior of primitive operations, allowing programmers to create the desired security controls in a more declarative fashion, facilitating more rapid prototyping. …

Go to article