Computer Security – ESORICS 2009

Volume 5789 of the series Lecture Notes in Computer Science pp 86-103

Tracking Information Flow in Dynamic Tree Structures

  • Alejandro Russo (affiliated with Lancaster University; Chalmers University of Technology)
  • Andrei Sabelfeld (affiliated with Lancaster University; Chalmers University of Technology)
  • Andrey Chudnov (affiliated with Lancaster University; Stevens Institute of Technology)



This paper explores the problem of tracking information flow in dynamic tree structures. Motivated by the problem of manipulating the Document Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic nature of interactions via tree structures. We present a runtime enforcement mechanism that monitors this interaction and prevents a range of attacks, some of them missed by previous approaches, that exploit the tree structure in order to transfer sensitive information. We formalize our approach for a simple language with DOM-like tree operations and show that the monitor prevents scripts from disclosing secrets.