Title :
Post-Dominator Analysis for Precisely Handling Implicit Flows
Author :
Bichhawat, Abhishek
Author_Institution :
Saarland Univ., Saarbrucken, Germany
Abstract :
Most web applications today use JavaScript for including third-party scripts, advertisements etc., which pose a major security threat in the form of confidentiality and integrity violations. Dynamic information flow control helps address this issue of information stealing. Most of the approaches over-approximate when unstructured control flow comes into picture, thereby raising a lot of false alarms. We utilize the post-dominator analysis technique to determine the context of the program at a given point and prove that this approach is the most precise technique to handle implicit flows.
Keywords :
Java; authoring languages; program diagnostics; security of data; JavaScript; Web applications; confidentiality violations; dynamic information flow control; implicit flow handling; integrity violations; post-dominator analysis technique; security threat; unstructured control flow; Computer languages; Conferences; Context; Lattices; Programmable logic arrays; Security; Software engineering;
Conference_Titel :
Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on
Conference_Location :
Florence
DOI :
10.1109/ICSE.2015.250
