Chapter

Trust and Trustworthy Computing

Volume 7904 of the series Lecture Notes in Computer Science, pp. 187-195

Towards Precise and Efficient Information Flow Control in Web Browsers

  • Christoph Kerschbaumer, University of California
  • Eric Hennigan, University of California
  • Per Larsen, University of California
  • Stefan Brunthaler, University of California
  • Michael Franz, University of California

Abstract

JavaScript (JS) has become the dominant programming language of the Internet and powers virtually every web page. If an adversary manages to inject malicious JS into a web page, confidential user data such as credit card information and keystrokes may be exfiltrated without the user's knowledge.

We present a comprehensive approach to information flow security that allows precise labeling of scripting-exposed browser subsystems: the JS engine, the Document Object Model, and user-generated events. Our experiments show that our framework is precise and efficient, and detects information exfiltration attempts by monitoring network requests.