The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.05 - September/October (2011 vol.28)
pp: 76-84
Rodolfo Toledo , University of Chile
Eric Tanter , University of Chile
ABSTRACT
ZAC is a practical lightweight library for access control in JavaScript based on aspect orientation. Its access control architecture is stack based, similar to those of Java and C#. However, ZAC integrates other features for more expressive access control. First, access control policies can be enforced at the level of objects, which permits more fine-grained control over resource access. Second, policies in ZAC can base their decisions on scripts' execution history. This lets developers express policies that are impossible to define using other models, such as bounded-time execution.
INDEX TERMS
language constructs and features, scripting languages, semantics, software, software engineering
CITATION
Rodolfo Toledo, Eric Tanter, "Access Control in JavaScript", IEEE Software, vol.28, no. 5, pp. 76-84, September/October 2011, doi:10.1109/MS.2010.154
REFERENCES
1. ECMAScript Language Specification ECMA-262, 5th ed., ECMA Int'l, 2009.
2. C. Reis et al., "Browsershield: Vulnerability-Driven Filtering of Dynamic HTML," ACM Trans. Web, vol. 1, no. 3, 2007, article 11; doi:10.1145/1281480.1281481.
3. T. Elrad, R.E. Filman, and A. Bader, "Aspect-Oriented Programming," Comm. ACM, vol. 44, no. 10, 2001, pp. 29–32.
4. J. Gosling et al., The Java Language Specification, 3rd ed., Addison-Wesley, 2005.
5. A. Hejlsberg, S. Wiltamuth, and P. Golde, C# Language Specification, Addison Wesley Longman, 2003.
6. R. Toledo, P. Leger, and É. Tanter, "AspectScript: Expressive Aspects for the Web," Proc. 9th Int'l Conf. Aspect-Oriented Software Development (AOSD 10), ACM Press, 2010, pp. 13–24; doi:10.1145/1739230.1739233.
7. C. Fournet and A.D. Gordon, "Stack Inspection: Theory and Variants," ACM Trans. Programming Languages and Systems, vol. 25, no. 3, 2003, pp. 360–399.
8. É. Tanter, "Expressive Scoping of Dynamically-Deployed Aspects," Proc. 7th Int'l Conf. Aspect-Oriented Software Development (AOSD 08), ACM Press, 2008, pp. 13–24.
57 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool