ADsafety: Type-Based Verification of JavaScript Sandboxing

Joe Gibbs Politz, Spiridon Aristides Eliopoulos, Arjun Guha, Shriram Krishnamurthi

USENIX Security Symposium, 2011


Web sites routinely incorporate JavaScript programs from several sources into a single page. These sources must be protected from one another, which requires robust sandboxing. The many entry points of sandboxes and the subtleties of JavaScript demand robust verification of the actual sandbox source. We use a novel type system for JavaScript to encode and verify sandboxing properties. The resulting verifier is lightweight and efficient, and operates on actual source. We demonstrate the effectiveness of our technique by applying it to ADsafe, which revealed several bugs and other weaknesses.


Please read the journal version instead. Rather than a minimal revision, it is a substantial improvement over this version of the paper. It provides a better description of the problem and of the solution approach; provides a thorough description of the technical approach; fixes some mistakes in this version; and reflects progress since this version was written. This version should be regarded as purely archival.



These papers may differ in formatting from the versions that appear in print. They are made available only to support the rapid dissemination of results; the printed versions, not these, should be considered definitive. The copyrights belong to their respective owners.