ICE-TCS Lectures Series - Willard Thor Rafnsson - Securing Event-based Communication
The first ICE-TCS talk after the summer break will be delivered Thursday August 5th by Willard Thor Rafnsson (Chalmers University of Technology, Sweden). The talk, which is entitled Securing Event-based Communication, will be held at 14:00 in room M1.05 at the new premises of Reykjavik University in Nauthólsvík.
Abstract
Event-based communication is a major source of power and flexibility for today's applications. For example, in the context of a web
browser, the dynamism of user experience is driven by events: fine-grained interaction of the user with the web application triggers events that are reactively handled by JavaScript code. This paper explores channels for leaking sensitive information through constructs in a reactive language. We propose a general and realizable security framework for preventing information leaks in
reactive setting with such features as new handler creation and hierarchical event structures. While prior work largely takes an all-or-nothing approach to information flows due to (non)termination, our security framework tightly regulates the bandwidth of leaks due to termination behavior: at most log(n + 1) bits are allowed to be released, where n is the number of public inputs to the program. We gain flexibility from distinguishing between the security levels of message existence and content. A combination of flow-sensitive analysis and buffering output enables us to enforce security without being overly restrictive.
