For dynamic languages, e.g., prototype-based ones like JavaScript, no current type system is powerful enough to handle common language idioms, which hinders the adoption of security typing in practical settings. As a solution, this paper proposes handling method-not-understood errors in the security type system: the type system does not enforce regular soundness, so well-typed programs might fail, but non-interference is ensured even when such errors occur. This paper outlines the approach and provides an initial investigation of its feasibility. A security type system for a functional object calculus with extension is presented and shown to enforce non-interference.
Presented at FOOL 2011; Sunday, 23 October 2011; Portland, Oregon, USA