Show simple item record

dc.contributor.authorReynolds, Marken_US
dc.date.accessioned2012-05-21T18:59:36Z
dc.date.available2012-05-21T18:59:36Z
dc.date.issued2010-07-23en_US
dc.identifier.citationReynolds, Mark. "Using Lightweight Formal Methods for JavaScript Security", Technical Report BUCS-TR-2010-021, Computer Science Department, Boston University, July 23, 2010. [Available from: http://hdl.handle.net/2144/3798]en_US
dc.identifier.urihttp://hdl.handle.net/2144/3798
dc.description.abstractThe goal of this work was to apply lightweight formal methods to the study of the security of the JavaScript language. Previous work has shown that lightweight formal methods present a new approach to the study of security in the context of the Java Virtual Machine (JVM). The current work has attempted to codify best current practices in the form of a security model for JavaScript. Such a model is a necessary component in analyzing browser actions for vulnerabilities, but it is not sufficient. It is also required to capture actual browser event traces and incorporate these into the model. The work described herein demonstrates that it is (a) possible to construct a model for JavaScript security that captures important properties of current best practices within browsers; and (b) that an event translator has been written that captures the dynamic properties of browser site traversal in such a way that model analysis is tractable, and yields important information about the satisfaction or refutation of the static security rules.en_US
dc.language.isoen-USen_US
dc.publisherCS Department, Boston Universityen_US
dc.relation.ispartofseriesBUCS Technical Reports;BUCS-TR-2010-021en_US
dc.titleUsing Lightweight Formal Methods for JavaScript Securityen_US
dc.typeTechnical Reporten_US


Files in this item

This item appears in the following Collection(s)

Show simple item record