This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Access Control in JavaScript
September/October 2011 (vol. 28 no. 5)
pp. 76-84
Rodolfo Toledo, University of Chile
Eric Tanter, University of Chile
ZAC is a practical lightweight library for access control in JavaScript based on aspect orientation. Its access control architecture is stack based, similar to those of Java and C#. However, ZAC integrates other features for more expressive access control. First, access control policies can be enforced at the level of objects, which permits more fine-grained control over resource access. Second, policies in ZAC can base their decisions on scripts' execution history. This lets developers express policies that are impossible to define using other models, such as bounded-time execution.

1. ECMAScript Language Specification ECMA-262, 5th ed., ECMA Int'l, 2009.
2. C. Reis et al., "Browsershield: Vulnerability-Driven Filtering of Dynamic HTML," ACM Trans. Web, vol. 1, no. 3, 2007, article 11; doi:10.1145/1281480.1281481.
3. T. Elrad, R.E. Filman, and A. Bader, "Aspect-Oriented Programming," Comm. ACM, vol. 44, no. 10, 2001, pp. 29–32.
4. J. Gosling et al., The Java Language Specification, 3rd ed., Addison-Wesley, 2005.
5. A. Hejlsberg, S. Wiltamuth, and P. Golde, C# Language Specification, Addison Wesley Longman, 2003.
6. R. Toledo, P. Leger, and É. Tanter, "AspectScript: Expressive Aspects for the Web," Proc. 9th Int'l Conf. Aspect-Oriented Software Development (AOSD 10), ACM Press, 2010, pp. 13–24; doi:10.1145/1739230.1739233.
7. C. Fournet and A.D. Gordon, "Stack Inspection: Theory and Variants," ACM Trans. Programming Languages and Systems, vol. 25, no. 3, 2003, pp. 360–399.
8. É. Tanter, "Expressive Scoping of Dynamically-Deployed Aspects," Proc. 7th Int'l Conf. Aspect-Oriented Software Development (AOSD 08), ACM Press, 2008, pp. 13–24.

Index Terms:
language constructs and features, scripting languages, semantics, software, software engineering
Citation:
Rodolfo Toledo, Eric Tanter, "Access Control in JavaScript," IEEE Software, vol. 28, no. 5, pp. 76-84, Sept.-Oct. 2011, doi:10.1109/MS.2010.154
Usage of this product signifies your acceptance of the Terms of Use.