Staged information flow for javascript

Chugh, Ravi; Meister, Jeffrey A.; Jhala, Ranjit; Lerner, Sorin

doi:10.1145/1542476.1542483

Cited by 159 publications

(36 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To mitigate this threat we constructed tests in a way that increases the sensitive branch coverage. However, multiple paths [27] hybrid ✓ ✓ -Chugh et al [15] hybrid ✓ ✓ ✓ Tripp et al [47] hybrid ✓ --Chudnov & Naumann [14] dynamic ✓ ✓ NSU Hedin et al [25] dynamic ✓ ✓ NSU Bichhawat et al [11] dynamic ✓ ✓ PU Kerschbaumer et al [31] dynamic ✓ ✓ -Bauer et al [9] dynamic ✓ --De Groef et al [17] dynamic MOD MOD MOD Austin & Flanagan [6] dynamic MOD MOD MOD cannot be covered due to a variety of reasons, e.g., error cases that cannot be easily triggered or unfeasible execution paths. Despite these limitations, our study produces interesting insights about the kinds of flows that appear in real-world JavaScript programs and the cost-benefit tradeoff of information flow analysis.…”

Section: Threats To Validitymentioning

confidence: 99%

“…Among the analyses that consider implicit flows, the majority stop or modify the program as soon as a hidden flow occurs. Information Flow Analysis for JavaScript Chugh et al propose a static-dynamic analysis that reports flows from code given to eval() to sensitive locations, such as the location bar of a site [15]. Austin and Flanagan address the problem of hidden implicit flows [4,5], as discussed in detail in Section 2.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Empirical Study of Information Flows in Real-World JavaScript

Staicu

Schoepe

Balliu

et al. 2019

Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security

View full text Add to dashboard Cite

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that also considers implicit flows. Dynamic analysis, which is particularly popular for languages such as JavaScript, faces the question whether to invest in analyzing flows caused by not executing a particular branch, so-called hidden implicit flows. This paper addresses the questions how common different kinds of flows are in real-world programs, how important these flows are to enforce security policies, and how costly it is to consider these flows. We address these questions in an empirical study that analyzes 56 real-world JavaScript programs that suffer from various security problems, such as code injection vulnerabilities, denial of service vulnerabilities, memory leaks, and privacy leaks. The study is based on a state-of-the-art dynamic information flow analysis and a formalization of its core. We find that implicit flows are expensive to track in terms of permissiveness, label creep, and runtime overhead. We find a lightweight taint analysis to be sufficient for most of the studied security problems, while for some privacy-related code, observable tracking is sometimes required. In contrast, we do not find any evidence that tracking hidden implicit flows reveals otherwise missed security problems. Our results help security analysts and analysis designers to understand the cost-benefit tradeoffs of information flow analysis and provide empirical evidence that analyzing implicit flows in a cost-effective way is a relevant problem. 2

show abstract

Section: Threats To Validitymentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

An Empirical Study of Information Flows in Real-World JavaScript

Staicu

Schoepe

Balliu

et al. 2019

Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security

View full text Add to dashboard Cite

show abstract

“…Chugh et al's staged program analysis [6] performs static analysis on as much code as is possible at compile time, and then computes a set of remaining checks to be performed at run time. Hummingbird uses a related idea in which no static analysis is performed at compile time, but type checking is always done when methods are called.…”

Section: Related Workmentioning

confidence: 99%

Just-in-time static type checking for dynamic languages

Ren

Foster

2016

SIGPLAN Not.

View full text Add to dashboard Cite

Dynamic languages such as Ruby, Python, and JavaScript have many compelling benefits, but the lack of static types means subtle errors can remain latent in code for a long time. While many researchers have developed various systems to bring some of the benefits of static types to dynamic languages, prior approaches have trouble dealing with metaprogramming, which generates code as the program executes. In this paper, we propose Hummingbird, a new system that uses a novel technique, just-in-time static type checking, to type check Ruby code even in the presence of metaprogramming. In Hummingbird, method type signatures are gathered dynamically at run-time, as those methods are created. When a method is called, Hummingbird statically type checks the method body against current type signatures. Thus, Hummingbird provides thorough static checks on a per-method basis, while also allowing arbitrarily complex metaprogramming. For performance, Hummingbird memoizes the static type checking pass, invalidating cached checks only if necessary. We formalize Hummingbird using a core, Ruby-like language and prove it sound. To evaluate Hummingbird, we applied it to six apps, including three that use Ruby on Rails, a powerful framework that relies heavily on metaprogramming. We found that all apps typecheck successfully using Hummingbird, and that Hummingbird's performance overhead is reasonable. We applied Hummingbird to earlier versions of one Rails app and found several type errors that had been introduced and then fixed. Lastly, we demonstrate using Hummingbird in Rails development mode to typecheck an app as live updates are applied to it.

show abstract

“…For example, Maffeis and coworkers [MMT09] achieve isolation properties between mashed-up scripts using filters, rewriting, and wrapping. Chugh and coworkers [CMJL09] present (among others) a dynamic information flow analysis based on wholesale rewriting. Yu and coworkers [YCIS07] perform rewriting guided by a security policy.…”

Section: Related Workmentioning

confidence: 99%

JSConTest: Contract-Driven Testing and Path Effect Inference for JavaScript.

Heidegger¹,

Thiemann²

2012

JOT

View full text Add to dashboard Cite

Program understanding is a major obstacle during program maintenance. In an object-oriented language, understanding an operation requires understanding its type and its effect on the object network. The effect is particularly important for scripting languages where there is neither class structure that restricts the shape of an object nor any other kind of access control.We have designed and implemented JSConTest, a tool that provides a facility to annotate JavaScript programs with type and effect contracts and to create random tests out of the contracts. Run-time monitoring for contracts is implemented with a program transformation. The effect of an operation is described by access permissions, which abstract sets of access paths along which the operation reads or writes object properties. Type contracts can also be used to drive guided random testing of the program.JSConTest contains an algorithm for computing access permissions from a set of access paths obtained by running the program. The main ingredient of the algorithm is a novel heuristic that produces precise and concise results without user interaction. It has been applied to a range of examples with encouraging results.

show abstract

Staged information flow for javascript

Cited by 159 publications

References 29 publications

An Empirical Study of Information Flows in Real-World JavaScript

An Empirical Study of Information Flows in Real-World JavaScript

Just-in-time static type checking for dynamic languages

JSConTest: Contract-Driven Testing and Path Effect Inference for JavaScript.

Contact Info

Product

Resources

About