
Information Flow Control for Web Scripts

  • Willem De Groef
  • Dominique Devriese
  • Mathy Vanhoef
  • Frank Piessens
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8604)

Abstract

Modern web applications rely heavily on JavaScript code executing in the browser. These web scripts are useful, for instance, for improving the interactivity and responsiveness of web applications, and for gathering web analytics data. However, the execution of server-provided code in the browser also brings substantial security and privacy risks. Web scripts can access a fair amount of sensitive information, and can leak this information to anyone on the Internet. This tutorial paper discusses information flow control mechanisms for countering these threats. We formalize both a static, type-system-based and a dynamic, multi-execution-based enforcement mechanism, and show by means of examples how these mechanisms can enforce the security of information flows in web scripts.

Keywords

web scripts, JavaScript, security, information flow control



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Willem De Groef (1)
  • Dominique Devriese (1)
  • Mathy Vanhoef (1)
  • Frank Piessens (1)

  1. iMinds-DistriNet, KU Leuven, Leuven, Belgium
