论文信息 - Featherweight Firefox: Formalizing the Core of a Web Browser

Featherweight Firefox: Formalizing the Core of a Web Browser

We offer a formal specification of the core functionality of a web browser in the form of a small-step operational semantics. The specification accurately models the asynchronous nature of web browsers and covers the basic aspects of windows, DOM trees, cookies, HTTP requests and responses, user input, and a minimal scripting language with first-class functions, dynamic evaluation, and AJAX requests. No security enforcement mechanisms are included--instead, the model is intended to serve as a basis for formalizing and experimenting with different security policies and mechanisms. We survey the most interesting design choices and discuss how our model relates to real web browsers.

Benjamin C. Pierce | Aaron Bohannon

[1] Tsutomu Matsumoto,et al. Information-Flow-Based Access Control for Web Browsers , 2009, IEICE Trans. Inf. Syst..

[2] Helen J. Wang,et al. Subspace: secure cross-domain communication for web mashups , 2007, WWW '07.

[3] Chris Wilson,et al. Document Object Model (DOM) Level 1 Specification (Second Edition) , 2000 .

[4] Ankur Taly,et al. An Operational Semantics for JavaScript , 2008, APLAS.

[5] Craig A. Shue,et al. Proceedings of the ACM Conference on Computer and Communications Security , 2010 .

[6] Philippa Gardner,et al. Local Hoare reasoning about DOM , 2008, PODS.

[7] Benjamin C. Pierce,et al. Reactive noninterference , 2009, CCS.