Logo
User: Guest  Login
Authors:
Mitchell, Duncan; Kinder, Johannes 
Document type:
Konferenzbeitrag / Conference Paper 
Title:
A Formal Model for Checking Cryptographic API Usage in JavaScript 
Collection editors:
Sako, Kazue; Schneider, Steve; Ryan, Peter Y. A. 
Title of conference publication:
Computer Security – ESORICS 2019 
Subtitle of conference publication:
24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings, Part I 
Series title:
Lecture Notes in Computer Science 
Series volume:
11735 
Conference title:
European Symposium on Research in Computer Security (24., 2019, Luxenburg) 
Conference title:
ESORICS 2019 
Venue:
Luxembourg 
Year of conference:
2019 
Date of conference beginning:
23.09.2019 
Date of conference ending:
27.09.2019 
Place of publication:
Cham 
Publisher:
Springer 
Year:
2019 
Pages from - to:
341-360 
Language:
Englisch 
Abstract:
Modern JavaScript implementations include APIs offering strong cryptography, but it is easy for non-expert developers to misuse them and introduce potentially critical security bugs. In this paper, we formalize a mechanism to rule out such bugs through runtime enforcement of cryptographic API specifications. In particular, we construct a dynamic variant of Security Annotations, which represent security properties of values via type-like information. We formalize Security Annotations within an ex...    »
 
ISBN:
978-3-030-29958-3 ; 978-3-030-29959-0 
Department:
Fakultät für Informatik 
Institute:
INF 6 - Institut für Systemsicherheit 
Chair:
Kinder, Johannes 
Research Hub UniBw M:
CODE 
Open Access yes or no?:
Nein / No