Ankur Taly: 2009 Security Meeting

 

Thursday, April 16, 2009
Location: Fisher Conference Center, Arrillaga Alumni Center

"Run-Time Enforcement of Secure JavaScript Subsets"

Abstract:

Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We use accepted methods from the study of programming languages to investigate language-based methods for filtering and rewriting JavaScript code, using Facebook's FBJS as a motivating example.


We explain the core problems by describing previously unknown vulnerabilities and shortcomings, provide JavaScript code that enforces provable isolation properties at run-time, and develop a foundation for improved solutions based on an operational semantics of the full ECMA-262 language. We also compare our results with the techniques used in FBJS.


Joint work with Sergio Maffeis and John C. Mitchell


Bio:

Ankur Taly is a second-year Ph.D. student in computer science working with Prof. John Mitchell. Prior to joining Stanford, he completed his Bachelor's in computer science at IIT Bombay in 2007. His research interests include formally analyzing safety and security properties of JavaScript-based web applications. His current research revolves around designing provably safe isolation mechanisms for untrusted JavaScript code.