Approaches to JavaScript Security
This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security. Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an…
Security Typing for JavaScript
Devil in the details. I’d like to repeat an example (given by Mark Miller in his work on E) of two different ways to copy a file, and the security implications of each. First, shell$ cp foo.txt bar.txt This command…
The Wrapper Conundrum
In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident: Fat Values. We can extend the native encoding of values…