Staff View
Position Paper: The Case for JavaScript Transactions

Descriptive

Language
LanguageTerm (authority = ISO 639-3:2007); (type = text)
English
Genre (authority = RULIB-FS)
Other
Genre (authority = marcgt)
technical report
PhysicalDescription
InternetMediaType
application/pdf
Extent
6 p.
Note (type = special display note)
Technical report DCS-TR-667
Name (authority = RutgersOrg-School); (type = corporate)
NamePart
School of Arts and Sciences (SAS) (New Brunswick)
Name (authority = RutgersOrg-Department); (type = corporate)
NamePart
Computer Science (New Brunswick)
TypeOfResource
Text
TitleInfo
Title
Position Paper: The Case for JavaScript Transactions
Abstract (type = abstract)
Modern Web applications combine and use JavaScript-based content from multiple untrusted sources. Without proper isolation, such content can compromise the security and privacy of these Web applications. Prior techniques for isolating untrusted JavaScript code do so by restricting dangerous constructs and inlining security checks into third-party code. This paper makes the case that JavaScript must be extended to make isolation a language-level primitive. We propose to extend the language using a new transaction construct that allows a Web application to speculatively execute untrusted code and isolate the changes and effects it performs. The Web application can then inspect these speculative actions and commit them only if they comply with the application’s security policies. We discuss use-cases that can benefit from JavaScript support for transactions, present a formalization of JavaScript transactions and conclude with implementation considerations.
Name (type = personal)
NamePart (type = family)
Dhawan
NamePart (type = given)
Mohan
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (authority = marcrt); (type = text)
author
Name (type = personal)
NamePart (type = family)
Shan
NamePart (type = given)
Chung-chieh
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (authority = marcrt); (type = text)
author
Name (type = personal)
NamePart (type = family)
Ganapathy
NamePart (type = given)
Vinod
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (authority = marcrt); (type = text)
author
OriginInfo
DateCreated (encoding = w3cdtf); (keyDate = yes); (qualifier = exact)
2010-04
RelatedItem (type = host)
TitleInfo
Title
Shan, Chung-chieh
Identifier (type = local)
rucore30111300001
RelatedItem (type = host)
TitleInfo
Title
Computer Science (New Brunswick)
Identifier (type = local)
rucore21032500001
Location
PhysicalLocation (authority = marcorg); (displayLabel = Rutgers, The State University of New Jersey)
NjNbRU
Identifier (type = doi)
doi:10.7282/T36D5XF0
Genre (authority = ExL-Esploro)
Technical Documentation
Back to the top

Rights

RightsDeclaration (AUTHORITY = rightsstatements.org); (TYPE = IN COPYRIGHT); (ID = http://rightsstatements.org/vocab/InC/1.0/)
This Item is protected by copyright and/or related rights.You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use.For other uses you need to obtain permission from the rights-holder(s).
Copyright
Status
Copyright protected
Availability
Status
Open
Reason
Permission or license
Back to the top

Technical

RULTechMD (ID = TECHNICAL1)
ContentModel
Document
DateCreated (point = end); (encoding = w3cdtf); (qualifier = exact)
2018-07-13T09:44:29
CreatingApplication
Version
1.4
ApplicationName
pdfeTeX-1.21a
DateCreated (point = start); (encoding = w3cdtf); (qualifier = exact)
2010-03-12T17:09:26
Back to the top
Version 8.3.13
Rutgers University Libraries - Copyright ©2020