Using Lightweight Formal Methods for JavaScript Security


Show simple item record Reynolds, Mark en_US 2012-05-21T18:59:36Z 2012-05-21T18:59:36Z 2010-07-23 en_US
dc.identifier.citation Reynolds, Mark. "Using Lightweight Formal Methods for JavaScript Security", Technical Report BUCS-TR-2010-021, Computer Science Department, Boston University, July 23, 2010. [Available from:] en_US
dc.description.abstract The goal of this work was to apply lightweight formal methods to the study of the security of the JavaScript language. Previous work has shown that lightweight formal methods present a new approach to the study of security in the context of the Java Virtual Machine (JVM). The current work has attempted to codify best current practices in the form of a security model for JavaScript. Such a model is a necessary component in analyzing browser actions for vulnerabilities, but it is not sufficient. It is also required to capture actual browser event traces and incorporate these into the model. The work described herein demonstrates that it is (a) possible to construct a model for JavaScript security that captures important properties of current best practices within browsers; and (b) that an event translator has been written that captures the dynamic properties of browser site traversal in such a way that model analysis is tractable, and yields important information about the satisfaction or refutation of the static security rules. en_US
dc.language.iso en-US en_US
dc.publisher CS Department, Boston University en_US
dc.relation.ispartofseries BUCS Technical Reports;BUCS-TR-2010-021 en_US
dc.title Using Lightweight Formal Methods for JavaScript Security en_US
dc.type Technical Report en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search OpenBU


Deposit Materials