An Information Flow Monitor for a Core of DOM - Introducing References and Live Primitives by José Fragoso Santos (Inria Sophia Antipolis Méditerranée)

 

More info: http://citi.di.fct.unl.pt/seminar/seminar.php?id=240

Abstract:

We propose and prove sound a novel, purely dynamic, flow-sensitive monitor for securing information flow in an imperative language extended with DOM-like tree operations, which we call Core DOM. In Core DOM, as in the DOM API, tree nodes are treated as first-class values. We take advantage of this feature in order to implement an information flow control mechanism that is finer-grained than previous approaches in the literature. Furthermore, we extend Core DOM with additional constructs to model the behaviour of live collections in the DOM Core Level 1 API. We show that this kind of construct effectively augments the observational power of an attacker and we modify the proposed monitor so as to tackle the newly introduced forms of information leaks.

Short bio:

José Fragoso Santos holds a PhD in Computer Science from the University of Nice - Sophia Antipolis (2014). During his PhD, he worked at Inria Sophia Antipolis Méditerranée under the supervision of Tamara Rezk. Previously, he graduated (2006) and obtained a Master's degree (2008) in Information Systems and Computer Engineering from Instituto Superior Técnico. His research interests are focused on program analysis and instrumentation for security. More concretely, he is interested in mechanisms that combine static and dynamic analysis for securing information flow in client-side Web applications.