This paper explores the problem of tracking information flow in dynamic tree structures. Motivated by the problem of manipulating the Document Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic nature of interactions via tree structures. We present a runtime enforcement mechanism that monitors this interaction and prevents a range of attacks, some of them missed by previous approaches, that exploit the tree structure in order to transfer sensitive information. We formalize our approach for a simple language with DOM-like tree operations and show that the monitor prevents scripts from disclosing secrets. © 2009 Springer Berlin Heidelberg.
CITATION STYLE
Russo, A., Sabelfeld, A., & Chudnov, A. (2009). Tracking information flow in dynamic tree structures. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5789 LNCS, pp. 86–103). https://doi.org/10.1007/978-3-642-04444-1_6
Mendeley helps you to discover research relevant for your work.