Tracking Information Flow in Dynamic Tree Structures

  • Alejandro Russo
  • Andrei Sabelfeld
  • Andrey Chudnov
Conference paper

DOI: 10.1007/978-3-642-04444-1_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)
Cite this paper as:
Russo A., Sabelfeld A., Chudnov A. (2009) Tracking Information Flow in Dynamic Tree Structures. In: Backes M., Ning P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg

Abstract

This paper explores the problem of tracking information flow in dynamic tree structures. Motivated by the problem of manipulating the Document Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic nature of interactions via tree structures. We present a runtime enforcement mechanism that monitors this interaction and prevents a range of attacks, some of them missed by previous approaches, that exploit the tree structure in order to transfer sensitive information. We formalize our approach for a simple language with DOM-like tree operations and show that the monitor prevents scripts from disclosing secrets.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Alejandro Russo (1)
  • Andrei Sabelfeld (1)
  • Andrey Chudnov (2)

  1. Chalmers University of Technology, Sweden
  2. Stevens Institute of Technology, USA
