Skip to main content
Journal Article

Defensive javascript building and verifying secure web components

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2014) 8604 88-123
DOI: 10.1007/978-3-319-10082-1_4
6Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Defensive JavaScript (DJS) is a typed subset of JavaScript that guarantees that the functional behavior of a program cannot be tampered with even if it is loaded by and executed within a malicious environment under the control of the attacker. As such, DJS is ideal for writing JavaScript security components, such as bookmarklets, single sign-on widgets, and cryptographic libraries, that may be loaded within untrusted web pages alongside unknown scripts from arbitrary third parties. We present a tutorial of the DJS language along with motivations for its design. We show how to program security components in DJS, how to verify their defensiveness using the DJS typechecker, and how to analyze their security properties automatically using ProVerif.

Cite

CITATION STYLE

APA

Bhargavan, K., Delignat-Lavaud, A., & Maffeis, S. (2014). Defensive javascript building and verifying secure web components. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8604, 88–123. https://doi.org/10.1007/978-3-319-10082-1_4

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free