Staged information flow for javascript

Chugh, Ravi; Meister, Jeffrey A.; Jhala, Ranjit; Lerner, Sorin

doi:10.1145/1543135.1542483

Cited by 110 publications

(137 citation statements)

References 29 publications

Supporting

Mentioning

137

Contrasting

Order By: Relevance

“…Bohannan et al [14,13] define a notion of non-interference for reactive systems, and show how a model browser can be formalized as such a reactive system. Chugh et al [18] have developed a novel multi-stage static technique for enforcing information flow security in JavaScript. BFlow [58] provides a framework for building privacy-preserving web applications and includes a coarse-grained dynamic information flow control monitor.…”

Section: Limitations and Future Workmentioning

confidence: 99%

Secure multi-execution of web scripts: Theory and practice

Groef

Devriese

Nikiforakis

et al. 2014

JCS

View full text Add to dashboard Cite

Secure Multi-Execution (SME) is a precise and general information flow control mechanism that was claimed to be a good fit for implementing information flow security in browsers. We validate this claim by developing FlowFox, the first fully functional web browser that implements an information flow control mechanism for web scripts based on the technique of secure multi-execution. We provide evidence for the security of FlowFox by proving non-interference for a formal model of the essence of FlowFox, and by showing how it stops real attacks. We provide evidence of usefulness by showing how FlowFox subsumes many ad-hoc script-containment countermeasures developed over the last years. An experimental evaluation on the Alexa top-500 web sites provides evidence for compatibility, and shows that FlowFox is compatible with the current web, even on sites that make intricate use of JavaScript.The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two-level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet compatible policies refining the same-origin-policy in a way that is compatible with existing websites.

show abstract

Section: Limitations and Future Workmentioning

confidence: 99%

Secure multi-execution of web scripts: Theory and practice

Groef

Devriese

Nikiforakis

et al. 2014

JCS

View full text Add to dashboard Cite

show abstract

“…Despite the above progress on inlining security checks in JavaScript, achieving information-flow security for client-side JavaScript by inlining has been out of reach for the current methods [40,8,43,21,17] that either modify the browser or perform the analysis out-of-the-browser.…”

Section: Related Workmentioning

confidence: 99%

Architectures for Inlining Security Monitors in Web Applications

Magazinius

Hedin

Sabelfeld

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Securing JavaScript in the browser is an open and challenging problem. Code from pervasive third-party JavaScript libraries exacerbates the problem because it is executed with the same privileges as the code that uses the libraries. An additional complication is that the different stakeholders have different interests in the security policies to be enforced in web applications. This paper focuses on securing JavaScript code by inlining security checks in the code before it is executed. We achieve great flexibility in the deployment options by considering security monitors implemented as security-enhanced JavaScript interpreters. We propose architectures for inlining security monitors for JavaScript: via browser extension, via web proxy, via suffix proxy (web service), and via integrator. Being parametric in the monitor itself, the architectures provide freedom in the choice of where the monitor is injected, allowing to serve the interests of the different stake holders: the users, code developers, code integrators, as well as the system and network administrators. We report on experiments that demonstrate successful deployment of a JavaScript information-flow monitor with the different architectures.

show abstract

“…Recent work on information flow and non-interference show promise for ensuring fine-grained data-confinement in JavaScript; unfortunately, these techniques currently have high overhead for modern applications [16]. IBEX proposed writing extensions in a high-level language (FINE) that can later by analyzed to ensure conformance with specific policies [21].…”

Section: Related Workmentioning

confidence: 99%

Data-Confined HTML5 Applications

Akhawe

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Rich client-side applications written in HTML5 proliferate diverse platforms such as mobile devices, commodity PCs, and the web platform. These client-side HTML5 applications are increasingly accessing sensitive data, including users' personal and social data, sensor data, and capability-bearing tokens. To fulfill their security and privacy guarantees, these applications need to maintain certain data-confinement invariants. These invariants are not explicitly stated in today's HTML5 applications and are enforced using ad-hoc mechanisms. The complexity of web applications, coupled with hard-to-analyze client-side languages, leads to low-assurance data-confinement mechanisms in which the whole application needs to be in the TCB to ensure data-confinement invariants.We propose a new mechanism called a data-confined sandbox or DCS. A DCS enables complete mediation of communication channels in a high-assurance, small-TCB manner. Our primitive extends currently standardized primitives and has negligible performance overhead and a modest compatibility cost to retrofit into existing applications. We re-implement four real-world HTML5 applications with our proposed design with a small amount of effort, achieving much stronger data-confinement guarantees. We also study over twenty HTML5 applications and find that dataconfinement invariants are implicit in the vast majority of them and crucial to achieving their privacy expectations.

show abstract

Staged information flow for javascript

Cited by 110 publications

References 29 publications

Secure multi-execution of web scripts: Theory and practice

Secure multi-execution of web scripts: Theory and practice

Architectures for Inlining Security Monitors in Web Applications

Data-Confined HTML5 Applications

Contact Info

Product

Resources

About