An empirical study of privacy-violating information flows in JavaScript web applications

Jang, Dongseok; Jhala, Ranjit; Lerner, Sorin; Shacham, Hovav

doi:10.1145/1866307.1866339

Cited by 131 publications

(103 citation statements)

References 23 publications

(31 reference statements)

Supporting

Mentioning

100

Contrasting

Order By: Relevance

“…Scripts can leak session identifiers [44], inject requests into an ongoing session [9], sniff the user's browsing history, or track the user's behavior on a web site [29]. Such malicious scripts can enter a web page because of a cross-site scripting vulnerability [31], or because the page integrates third party scripts such as advertisements, or gadgets.…”

Section: Introductionmentioning

confidence: 99%

“…Several researchers [14,40] have proposed information flow control as a general and powerful security enforcement mechanism that can address many of these attacks, and hence reduce the need for ad-hoc or The adaptation of the Style API is an example of an ad-hoc countermeasure specifically developed to mitigate the history sniffing threat [8], but most of the privacy leaks described by Jang et al [29] are not yet countered in modern browsers.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure multi-execution of web scripts: Theory and practice

Groef

Devriese

Nikiforakis

et al. 2014

JCS

View full text Add to dashboard Cite

Secure Multi-Execution (SME) is a precise and general information flow control mechanism that was claimed to be a good fit for implementing information flow security in browsers. We validate this claim by developing FlowFox, the first fully functional web browser that implements an information flow control mechanism for web scripts based on the technique of secure multi-execution. We provide evidence for the security of FlowFox by proving non-interference for a formal model of the essence of FlowFox, and by showing how it stops real attacks. We provide evidence of usefulness by showing how FlowFox subsumes many ad-hoc script-containment countermeasures developed over the last years. An experimental evaluation on the Alexa top-500 web sites provides evidence for compatibility, and shows that FlowFox is compatible with the current web, even on sites that make intricate use of JavaScript.The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two-level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet compatible policies refining the same-origin-policy in a way that is compatible with existing websites.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Secure multi-execution of web scripts: Theory and practice

Groef

Devriese

Nikiforakis

et al. 2014

JCS

View full text Add to dashboard Cite

show abstract

“…However, once third-party code is included in a web page, it is executed with the same privileges as the code that uses the libraries. This gives rise to a number of attack possibilities that include location hijacking, behavioral tracking, leaking cookies, and sniffing browsing history [21]. Security policy stakeholders An additional complication is that the different stakeholders have different interests in the security policies to be enforced in web applications.…”

Section: Introductionmentioning

confidence: 99%

“…Our focus on information flow is justified by the nature of the JavaScript attacks from the empirical studies [21,32] that demonstrate the current security practices fail to prevent such attacks as location hijacking, behavioral tracking, leaking cookies, and sniffing browsing history. Jang et al [21] report on both explicit and implicit flows exploited in the empirical studies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Architectures for Inlining Security Monitors in Web Applications

Magazinius

Hedin

Sabelfeld

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Securing JavaScript in the browser is an open and challenging problem. Code from pervasive third-party JavaScript libraries exacerbates the problem because it is executed with the same privileges as the code that uses the libraries. An additional complication is that the different stakeholders have different interests in the security policies to be enforced in web applications. This paper focuses on securing JavaScript code by inlining security checks in the code before it is executed. We achieve great flexibility in the deployment options by considering security monitors implemented as security-enhanced JavaScript interpreters. We propose architectures for inlining security monitors for JavaScript: via browser extension, via web proxy, via suffix proxy (web service), and via integrator. Being parametric in the monitor itself, the architectures provide freedom in the choice of where the monitor is injected, allowing to serve the interests of the different stake holders: the users, code developers, code integrators, as well as the system and network administrators. We report on experiments that demonstrate successful deployment of a JavaScript information-flow monitor with the different architectures.

show abstract