Tight Enforcement of Information-Release Policies for Dynamic Languages
This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement...
Saved in:
Published in | 2009 22nd IEEE Computer Security Foundations Symposium pp. 43 - 59 |
---|---|
Main Authors | , |
Format | Conference Proceeding |
Language | English |
Published |
IEEE
01.07.2009
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies. |
---|---|
ISBN: | 076953712X 9780769537122 |
ISSN: | 1063-6900 1940-1434 2377-5459 |
DOI: | 10.1109/CSF.2009.22 |