Computer Security – ESORICS 2009

Volume 5789 of the series Lecture Notes in Computer Science pp 86-103

Tracking Information Flow in Dynamic Tree Structures

  • Alejandro RussoAffiliated withChalmers University of Technology
  • , Andrei SabelfeldAffiliated withChalmers University of Technology
  • , Andrey ChudnovAffiliated withStevens Institute of Technology

* Final gross prices may vary according to local VAT.

Get Access


This paper explores the problem of tracking information flow in dynamic tree structures. Motivated by the problem of manipulating the Document Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic nature of interactions via tree structures. We present a runtime enforcement mechanism that monitors this interaction and prevents a range of attacks, some of them missed by previous approaches, that exploit the tree structure in order to transfer sensitive information. We formalize our approach for a simple language with DOM-like tree operations and show that the monitor prevents scripts from disclosing secrets.