Segregate Third-Party JS Libraries
Typically, web authors simply load whatever library they’d like to use with full trust. In JS, such loading amounts essentially to a #include. I’m flabbergasted that this practice remains normal. It could be paranoia, but even without invoking all the…
A New Field: Information Type Flow
In my last post on Information Flow, I noticed that some flows are more informative than others. I used a switch statement for my illustrative example of that observation. But, from my experience as a software developer, I have a…
Not All Flows are Considered Equal
When I was writing my last post about information flow terminology, I noticed something interesting: when knowledge of control flows is used to determine the values of variables, some branches yield more information than others. Previously, I had only considered the…
New Terminology in Information Flow Research
Information flow is about tracking the flows of information within a computer program, i.e. what values influence other values as the program executes. Denning and Denning looked at this problem in the late 1970’s [1, 2] and distinguished between flows…
Strong Typing for Security
I got into a mild argument about static vs. dynamic typing. I recognize that static typing can be verbose to the point of being repetitious. Take Java generics for example: List<String> astr = new ArrayList<String>(); There…
Documentation for Progress
I’ve noticed in my work recently that documenting my work is one of the most reliable ways of making steady progress. I likely gathered the idea from the internet somewhere, or perhaps from the generous amounts of advice spewed forth…
Comparison between Object Capabilities and Information Flow
Augmenting the Capability Model with Information Flows. I’ve already convinced myself that labels are best implemented as tags on primitive values and references. In JavaScript, it is sometimes useful to view an object as a heterogeneous hash table, mapping field…
Approaches to JavaScript Security
This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security. Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an…
Security Typing for JavaScript
Devil in the details. I’d like to repeat an example (given by Mark Miller in his work on E), of two different ways to copy a file, and the security implications of each. First, shell$ cp foo.txt bar.txt This command…
The Wrapper Conundrum
In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident: Fat Values. We can extend the native encoding of values…