Internet Archive Scholar

Succour to the Confused Deputy [chapter]

Radha Jagadeesan, Corin Pitcher, James Riely
<span title="">2012</span> <i title="Springer Berlin Heidelberg"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a> </i> &nbsp;

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (355.7 kB)
https://web.archive.org/web/20170811114711/http://fpl.cs.depaul.edu/jriely/papers/2012-confused.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit <a rel="external noopener" href="http://fpl.cs.depaul.edu/jriely/papers/2012-confused.pdf">the original URL</a>. The file type is <code>application/pdf</code>.

The possession of secrets is a recurrent theme in security literature and practice. We present a refinement type system, based on indexed intuitonist S4 necessity, for an object calculus with explicit locations (corresponding to principals) to control the principals that may possess a secret. Type safety ensures that if the execution of a well-typed program leads to a configuration with an object p located at principal a, then a possesses the capability to p. We illustrate the type system with
more &raquo; ... imple examples drawn from web applications, including an illustration of how Cross-Site Request Forgery (CSRF) vulnerabilities may manifest themselves as absurd refinements on object declarations during type checking. This is an extended version of a paper that appears in APLAS 2012.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-642-35182-2_6">doi:10.1007/978-3-642-35182-2_6</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/wa2px5bctbfdxgzlet7sxsurhm">fatcat:wa2px5bctbfdxgzlet7sxsurhm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170811114711/http://fpl.cs.depaul.edu/jriely/papers/2012-confused.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/7b/cf/7bcfb2eb19f5075535998ae29246cac449011895.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-642-35182-2_6"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> springer.com </button> </a>
Citation

Radha Jagadeesan, Corin Pitcher, James Riely. "Succour to the Confused Deputy." Lecture Notes in Computer Science (2012) 66-81