A join point for loops in AspectJ
Proceedings of the 5th international conference on Aspect-oriented software development
How secure is AOP and what can we do about it?
Proceedings of the 2006 international workshop on Software engineering for secure systems
Privacy-preserving browser-side scripting with BFlow
Proceedings of the 4th ACM European conference on Computer systems
Lightweight self-protecting JavaScript
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
AspectScript: expressive aspects for the web
Proceedings of the 9th International Conference on Aspect-Oriented Software Development
Permissive dynamic information flow analysis
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Noninterference through Secure Multi-execution
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Object Capabilities and Isolation of Untrusted Web Applications
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
A meta-aspect protocol for developing dynamic analyses
RV'10 Proceedings of the First international conference on Runtime verification
Flexible and efficient profiling with aspect-oriented programming
Concurrency and Computation: Practice & Experience
IEEE Software
WebJail: least-privilege integration of third-party components in web mashups
Proceedings of the 27th Annual Computer Security Applications Conference
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aspectizing Java Access Control
IEEE Transactions on Software Engineering
Partial evaluation of pointcuts
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Better security and privacy for web browsers: a survey of techniques, and a new implementation
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
In this position paper we argue that aspects are well-suited to describe and implement a range of strategies to make secure JavaScript-based applications. To this end, we review major categories of approaches to make client-side applications secure and discuss uses of aspects that exist for some of them. We also propose aspect-based techniques for the categories that have not yet been studied. We give examples of applications where aspects are useful as a general means to flexibly express and implement security policies for JavaScript.