Information-Flow Security for a Core of JavaScript

Hedin, Daniel; Sabelfeld, Andrei

doi:10.1109/csf.2012.19

Cited by 131 publications

(153 citation statements)

References 34 publications

Supporting

Mentioning

153

Contrasting

Order By: Relevance

“…This research has aimed to develop, then to use, flexible and efficient systems that satisfy non-interference properties. For instance, this research effectively supports promising uses of dynamic information-flow control in Web browsers [5,8,12,21]. This research is often clever and intricate-so we do not attempt to give a complete description here, but we focus on some of the intricacies below.…”

Section: Static and Dynamic Language-based Information-flow Controlmentioning

confidence: 99%

A Functional View of Imperative Information Flow

Austin

Flanagan

Abadi

2012

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

Section: Static and Dynamic Language-based Information-flow Controlmentioning

confidence: 99%

A Functional View of Imperative Information Flow

Austin

Flanagan

Abadi

2012

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…One then tries to enforce that information only flows upward through the program. This is often formalised as non-interference -a deterministic program is non-interferent if there are no two runs of the program with inputs identical up to a level l but some different outputs at a level below l. While there has been a substantial body of research on information flow security over the past decades, the JavaScript language, and the web context bring significant additional challenges, including e.g., dealing with the dynamic nature of JavaScript [33,27].…”

Section: Information Flow Securitymentioning

confidence: 99%

“…Sabelfeld et al have proposed monitoring algorithms that can handle DOM-like structures [50], dynamic code evaluation [5] and timeouts [49]. In a recent paper, Hedin and Sabelfeld [27] propose dynamic mechanisms for all the core JavaScript language features. Austin and Flanagan [7] have developed alternative, sometimes more permissive techniques.…”

Section: Limitations and Future Workmentioning

confidence: 99%

Secure multi-execution of web scripts: Theory and practice

Groef

Devriese

Nikiforakis

et al. 2014

JCS

View full text Add to dashboard Cite

Secure Multi-Execution (SME) is a precise and general information flow control mechanism that was claimed to be a good fit for implementing information flow security in browsers. We validate this claim by developing FlowFox, the first fully functional web browser that implements an information flow control mechanism for web scripts based on the technique of secure multi-execution. We provide evidence for the security of FlowFox by proving non-interference for a formal model of the essence of FlowFox, and by showing how it stops real attacks. We provide evidence of usefulness by showing how FlowFox subsumes many ad-hoc script-containment countermeasures developed over the last years. An experimental evaluation on the Alexa top-500 web sites provides evidence for compatibility, and shows that FlowFox is compatible with the current web, even on sites that make intricate use of JavaScript.The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two-level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet compatible policies refining the same-origin-policy in a way that is compatible with existing websites.

show abstract

“…There, the PUMP was used only to implement dynamic IFC; other special-purpose hardware mechanisms enforced properties such as memory safety [55] and compartmentalization [40]. Still, the PUMP design in the SAFE system was made quite flexible, since dynamic IFC is an active area of research, with various mechanisms [14], [18], [19], [48], [50], [78] and "label models" [61], [77] being proposed regularly, making baked-into-hardware solutions unattractive. A simple IFC micro-policy was studied formally for an idealized version of the SAFE processor [15].…”

Section: Related Workmentioning

confidence: 99%

Micro-Policies: Formally Verified, Tag-Based Security Monitors

Amorim¹,

Dénès

Giannarakis

et al. 2015

2015 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level "symbolic machine," and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety; in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy's rules embodies a high-level specification characterizing a useful security property. Last, we show how the symbolic machine itself can be implemented in terms of a hardware rule cache and a software controller.

show abstract

Information-Flow Security for a Core of JavaScript

Cited by 131 publications

References 34 publications

A Functional View of Imperative Information Flow

A Functional View of Imperative Information Flow

Secure multi-execution of web scripts: Theory and practice

Micro-Policies: Formally Verified, Tag-Based Security Monitors

Contact Info

Product

Resources

About