Confining the Ghost in the Machine: Using Types to Secure JavaScript Sandboxing
46
Microsoft Research330 тыс
Следующее
12.08.16 – 1881:13:40Популярные
124 дня – 1 6875:12
160 дней – 6113:07:51Опубликовано 12 августа 2016, 0:28
The commercial Web depends on combining content, especially advertisements, from sites that do not trust one another. Because this content can contain malicious code, several corporations and researchers have designed JavaScript sandboxing techniques (e.g., ADsafe, Caja, and Facebook JavaScript). These sandboxes depend on static restrictions, transformations, and libraries that perform dynamic checks. How can we be sure that they work? We tackle the problem of proving the security of these sandboxes. Our technique depends on creating specialized types to characterize the properties of the sandboxes, exploiting the structure of the checks contained in the libraries. The resulting checkers work on actual JavaScript code that is effectively unaltered; I will focus on our application to Yahoo!'s ADsafe. We establish soundness using our semantics for JavaScript, which has been tested for conformity against real implementations. Joint work with Arjun Guha and Joe Politz.
Свежие видео
6 дней – 3 6620:17
8 дней – 546 8803:00
10 дней – 2 02646:33
11 дней – 20 97830:36
12 дней – 2 0390:15Случайные видео
74 дня – 50 8481:01
190 дней – 762 3803:28:53
25.09.23 – 10 0860:33
13.02.23 – 139 5805:03
16.08.21 – 52 0528:58
15.05.09 – 5 7564:49
3 дня – 1 06442:38
3 дня – 149 06013:00
6 дней – 3 8611:56
6 дней – 4 2310:44
7 дней – 7880:20
12 дней – 273 0350:17
