Daniel Hedin
ABSTRACT
This abstract accompanies a demo of app security using JSFlow [7]. The interested reader is encouraged to try the JSFlow tool [8] and get a full account of the theory and practice behind JSFlow, as detailed in a journal article [9].
- Adobe Inc. Adobe PhoneGap. http://phonegap.com/.Google Scholar
- M. Balliu, B. Liebe, D. Schoepe, and A. Sabelfeld. Jslinq: Building secure applications across tiers. In CODASPY, Mar. 2016. Google ScholarDigital Library
- N. Bielova. Survey on javascript security policies and their enforcement mechanisms in a web browser. J. Log. Algebr. Program., pages 243--262, 2013.Google ScholarCross Ref
- D. E. Denning and P. J. Denning. Certification of programs for secure information flow. CACM, 20(7):504--513, July 1977. Google ScholarDigital Library
- ECMA International. ECMAScript Language Specification, 2009. Version 5.Google Scholar
- J. Gibbs Politz, A. Guha, and S. Krishnamurthi. Typed-based verification of web sandboxes. J. Comput. Secur., 22(4):511--565, July 2014. Google ScholarDigital Library
- D. Hedin. MOBILESoft'16 demo. DEMO, located at www.jsflow.net/MOBILESoft16, May 2016.Google Scholar
- D. Hedin, L. Bello, A. Birgisson, and A. Sabelfeld. JSFlow. The JSFlow project, located at www.jsflow.net, 2013--16.Google Scholar
- D. Hedin, L. Bello, and A. Sabelfeld. JSFlow: Tracking information flow in javascript and its APIs. JCS, 2016. To appear.Google Scholar
- D. Hedin and A. Sabelfeld. A perspective on information-flow control. In Software Safety and Security, pages 319--347, 2012.Google Scholar
- G. Le Guernic. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007. Google ScholarDigital Library
- J. Magazinius, D. Hedin, and A. Sabelfeld. Architectures for inlining security monitors in web applications. In ESSoS, 2014. Google ScholarDigital Library
- N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. You are what you include: large-scale evaluation of remote JavaScript inclusions. In CCS, Oct. 2012. Google ScholarDigital Library
- A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5--19, Jan. 2003. Google ScholarDigital Library
- D. Schoepe, M. Balliu, B. C. Pierce, and A. Sabelfeld. Explicit secrecy: A policy for taint tracking. In EuroS&P, 2016.Google Scholar
Recommendations
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide WebWith the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Comments