Gatekeeper: Mostly static enforcement of security and reliability policies for JavaScript code (2009)

by Benjamin Livshits, Salvatore Guarnieri
Citations: 34 - 8 self

Version History

Metadata Version 1

Datum | Value | Source
TITLE | Gatekeeper: Mostly static enforcement of security and reliability policies for JavaScript code | INFERENCE
AUTHOR NAME | Benjamin Livshits | SVM HeaderParse 0.2
AUTHOR AFFIL | Microsoft Research | SVM HeaderParse 0.2
AUTHOR NAME | Salvatore Guarnieri | SVM HeaderParse 0.2
AUTHOR AFFIL | University of Washington | SVM HeaderParse 0.2
ABSTRACT | The advent of Web 2.0 has led to the proliferation of client-side code that is typically written in JavaScript. This code is often combined or mashed-up with other code and content from disparate, mutually untrusting parties, leading to undesirable security and reliability consequences. This paper proposes GATEKEEPER, a mostly static approach for soundly enforcing security and reliability policies for JavaScript programs. GATEKEEPER is a highly extensible system with a rich, expressive policy language, allowing the hosting site administrator to formulate their policies as succinct Datalog queries. The primary application of GATEKEEPER is in reasoning about JavaScript widgets such as those hosted by widget portals Live.com and Google/IG. Widgets submitted to these sites can be either malicious or just buggy and poorly written, and the hosting site has the authority to reject the submission of widgets that do not meet the site’s security policies. To show the practicality of our approach, we describe nine representative security and reliability policies. Statically checking these policies results in 1,341 verified warnings in 684 widgets, no false negatives, due to the | SVM HeaderParse 0.2
YEAR | 2009 | INFERENCE
VENUE TYPE | TECHREPORT | INFERENCE
TECH | Technical report, Microsoft Research | INFERENCE
CITATIONS | 26 found | ParsCit 1.0