Lecture Notes in Computer Science

Publication date: 2014-01-01
Volume: 8604
Pages: 124 - 145
Publisher: Springer Verlag

Author:

De Groef, W
Devriese, D ; Vanhoef, M ; Piessens, F ; Aldini, Alessandro ; López, Javier ; Martinelli, Fabio

Keywords:

iMinds

Abstract:

© Springer International Publishing Switzerland 2014. Modern web applications heavily rely on JavaScript code executing in the browser. These web scripts are useful, for instance, for improving the interactivity and responsiveness of web applications, and for gathering web analytics data. However, the execution of server-provided code in the browser also brings substantial security and privacy risks. Web scripts can access a fair amount of sensitive information, and can leak this information to anyone on the Internet. This tutorial paper discusses information flow control mechanisms for countering these threats. We formalize both a static, type-system-based and a dynamic, multiexecution-based enforcement mechanism, and show by means of examples how these mechanisms can enforce the security of information flows in web scripts.