Defensive JavaScript: Building and Verifying Secure Web Components
Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment under the control of the attacker. As such, DJS is ideal for writing JavaScript security co...
Main authors: | , , |
---|---|
Format: | Book chapter |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 123 |
---|---|
container_issue | |
container_start_page | 88 |
container_title | |
container_volume | 8604 |
creator | Bhargavan, Karthikeyan ; Delignat-Lavaud, Antoine ; Maffeis, Sergio |
description | Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment under the control of the attacker. As such, DJS is ideal for writing JavaScript security components, such as bookmarklets, single sign-on widgets, and cryptographic libraries, that may be loaded within untrusted web pages alongside unknown scripts from arbitrary third parties. We present a tutorial of the DJS language along with motivations for its design. We show how to program security components in DJS, how to verify their defensiveness using the DJS typechecker, and how to analyze their security properties automatically using ProVerif. |
doi_str_mv | 10.1007/978-3-319-10082-1_4 |
format | Book Chapter |
fulltext | fulltext |
identifier | ISSN: 0302-9743 |
ispartof | Foundations of Security Analysis and Design VII, 2014, Vol.8604, p.88-123 |
issn | 0302-9743 ; 1611-3349 |
language | eng |
recordid | cdi_hal_primary_oai_HAL_hal_01102144v1 |
source | Springer Books |
subjects | Cloud Server ; Computer Science ; Cryptography and Security ; External Function ; Object Prototype ; Password Manager ; Security Goal |
title | Defensive JavaScript: Building and Verifying Secure Web Components |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T17%3A51%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-hal_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=Defensive%20JavaScript:%20Building%20and%20Verifying%20Secure%20Web%20Components&rft.btitle=Foundations%20of%20Security%20Analysis%20and%20Design%20VII&rft.au=Bhargavan,%20Karthikeyan&rft.date=2014&rft.volume=8604&rft.spage=88&rft.epage=123&rft.pages=88-123&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783319100814&rft.isbn_list=3319100815&rft_id=info:doi/10.1007/978-3-319-10082-1_4&rft_dat=%3Chal_sprin%3Eoai_HAL_hal_01102144v1%3C/hal_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=3319100823&rft.eisbn_list=9783319100821&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |