Towards Precise and Efficient Information Flow Control in Web Browsers

  • Christoph Kerschbaumer
  • Eric Hennigan
  • Per Larsen
  • Stefan Brunthaler
  • Michael Franz
Conference paper

DOI: 10.1007/978-3-642-38908-5_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7904)
Cite this paper as:
Kerschbaumer C., Hennigan E., Larsen P., Brunthaler S., Franz M. (2013) Towards Precise and Efficient Information Flow Control in Web Browsers. In: Huth M., Asokan N., Čapkun S., Flechais I., Coles-Kemp L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg

Abstract

JavaScript (JS) has become the dominant programming language of the Internet and powers virtually every web page. If an adversary manages to inject malicious JS into a web page, confidential user data such as credit card information and keystrokes may be exfiltrated without the users knowledge.

We present a comprehensive approach to information flow security that allows precise labeling of scripting-exposed browser subsystems: the JS engine, the Document Object Model, and user generated events. Our experiments show that our framework is precise and efficient, and detects information exfiltration attempts by monitoring network requests.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Christoph Kerschbaumer
    • 1
  • Eric Hennigan
    • 1
  • Per Larsen
    • 1
  • Stefan Brunthaler
    • 1
  • Michael Franz
    • 1
  1. 1.University of CaliforniaIrvineUSA

Personalised recommendations