Defensive JavaScript: Building and Verifying Secure Web Components

Defensive JavaScript: Building and Verifying Secure Web Components

Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment under the control of the attacker. As such, DJS is ideal for writing JavaScript security co...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Maffeis, Sergio
Format: Buchkapitel
Sprache:eng
Schlagworte:
Cloud Server
Computer Science
Cryptography and Security
External Function
Object Prototype
Password Manager
Security Goal
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment under the control of the attacker. As such, DJS is ideal for writing JavaScript security components, such as bookmarklets, single sign-on widgets, and cryptographic libraries, that may be loaded within untrusted web pages alongside unknown scripts from arbitrary third parties. We present a tutorial of the DJS language along with motivations for its design. We show how to program security components in DJS, how to verify their defensiveness using the DJS typechecker, and how to analyze their security properties automatically using ProVerif.
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-319-10082-1_4