Building Secure Systems using Programming Languages and Analysis

COWL questions

  1. Why are labeled blobs crucial for making COWL practical? (Can’t a context just raise its label to ensure that a receiving context is at least as sensitive before sending it data? Come up with a scenario where this wouldn’t work.)

  2. Why does COWL not allow arbitrary JavaScript objects to be labeled and sent via postMessage? (I.e., why must objects be structurally clonable?)

  3. One can think of COWL as an adaptation of LIO for the browser. But, unlike for LIO, we cannot prove termination-sensitive non-interference (TSNI) for COWL. Recall what TSNI is and explain why we can’t prove this for COWL.