‹Programming› 2020
Mon 23 - Thu 26 March 2020 Porto, Portugal
Mon 23 Mar 2020 11:30 - 12:00 at W3 - ProWeb 2020 #2

Many approaches has been proposed to dynamically secure client side web applications allowing developers to express they security policies using some sort of policy language. Those security policies are usually expressed in JavaScript, which has some features like the dynamic type coercion that allow an attacker to bypass those security mechanisms. This has been addressed by giving the developer the option of specifying “inspection types” during the policy declaration. Those inspection types are used to safely coerce the values used during the enforcement and afterwards. However, those mechanism are mostly limited to primitive types and require carefully design of the policy and its inspection types.

We propose the extension of a policy declaration and enforcement mechanism by constructing a coercion model for all the language built-ins. Then, the model is used to safely coerce all the operands or arguments used by the built-ins operations during the policy enforcement and afterwards removing the need of inspection types.

Mon 23 Mar

Displayed time zone: Belfast change

11:00 - 12:30
ProWeb 2020 #2ProWeb20 at W3
11:00
30m
Talk
Evolution of the WebDSL RuntimeFull paper
ProWeb20
Danny Groenewegen Delft University of Technology, Elmer van Chastelet Delft University of Technology, Eelco Visser Delft University of Technology
11:30
30m
Talk
Tamper-proof security mechanism against liar objects in JavaScript applicationsPresentation abstract
ProWeb20
Angel Luis Scull Pupo Sofware Languages Lab, Vrije Universiteit Brussel, Jens Nicolay Vrije Universiteit Brussel, Belgium, Elisa Gonzalez Boix Vrije Universiteit Brussel, Belgium
12:00
30m
Talk
Broken LinksPresentation abstract
ProWeb20
Frank Emrich The University of Edinburgh, Daniel Hillerström The University of Edinburgh