Efficient dynamic access analysis using JavaScript proxies

Keil, Matthias; Thiemann, Peter

doi:10.1145/2578856.2508176

Cited by 5 publications

(13 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent research [7] explores the addition of such a feature to existing languages, and contract systems have been implemented using membrane-like constructs [19,31]. In addition, membranes have been used to equip Javascript objects with contracts for path-based access control for method invocation [32].…”

Section: B Implementing Capability Controlmentioning

confidence: 99%

Declarative Policies for Capability Control

Dimoulas

Moore

Askarov

et al. 2014

2014 IEEE 27th Computer Security Foundations Symposium

View full text Add to dashboard Cite

In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capabilitysafe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all.

show abstract

Section: B Implementing Capability Controlmentioning

confidence: 99%

Declarative Policies for Capability Control

Dimoulas

Moore

Askarov

et al. 2014

2014 IEEE 27th Computer Security Foundations Symposium

View full text Add to dashboard Cite

show abstract

“…Proxies implement contracts in Racket [6] and in JavaScript [3,5]. Contracts impose restrictions that the programmer regards as preconditions for the correct execution of a program.…”

Section: Use Case: Contractsmentioning

confidence: 99%

“…This approach preserves the previous behavior and retains the possibility to distinguish proxies from target objects in library code implementing proxy abstractions. However, it would require the application code to be transformed (at run time to support eval), which is not feasible in an application like access control [5] that must work with unmodified foreign code.…”

Section: Alternative Designsmentioning

confidence: 99%

“…However, there are abstractions that require such a test. For example, our implementation of access permissions [5] extracts the current permission from a proxy to construct a new proxy with an updated permission. This improves the efficiency of the implementation, which would otherwise generate long chains of proxy objects.…”

Section: Alternative Designsmentioning

confidence: 99%

“…A proxy, or wrapper, is an object that mediates access to an arbitrary target object. Proxies are widely used to perform resource management, access remote objects, impose access control [1,5], restrict the functionality of an object [6], or to enhance the interface of an object. Ideally, a proxy is not distinguishable from other objects so that running a program with an interposed proxy should lead to the same outcome as running the program with the target object, unless the proxy imposes restrictions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations