Abstract
Client-side JavaScript programs often interact with the web page into which they are included, as well as with the browser itself, through APIs such as the DOM API, the XMLHttpRequest API, and the W3C Geolocation API. Precise reasoning about JavaScript security must therefore take API invocation into account. However, the continuous emergence of new APIs, and the heterogeneity of their forms and features, renders API behavior a moving target that is particularly hard to capture. To tackle this problem, we propose a methodology for modularly extending sound JavaScript information flow monitors with a generic API. Hence, verifying that an extended monitor complies with the proposed noninterference property requires only proving that the API satisfies a predefined set of conditions. To illustrate the practicality of our methodology, we show how an information flow monitor-inlining compiler can take into account the invocation of arbitrary APIs, without changing the code or the proofs of the original compiler. We provide an implementation of such a compiler with an extension for handling a fragment of the DOM Core Level 1 API. Furthermore, our implementation supports the addition of monitor extensions for new APIs at runtime.
Acknowledgments
Fragoso Santos acknowledges funding from the EPSRC grant reference EP/K032089/1. No new data was collected in the course of this research.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Fragoso Santos, J., Rezk, T., Matos, A.A. (2016). Modular Monitor Extensions for Information Flow Security in JavaScript. In: Ganty, P., Loreti, M. (eds) Trustworthy Global Computing. TGC 2015. Lecture Notes in Computer Science, vol 9533. Springer, Cham. https://doi.org/10.1007/978-3-319-28766-9_4
DOI: https://doi.org/10.1007/978-3-319-28766-9_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28765-2
Online ISBN: 978-3-319-28766-9
eBook Packages: Computer Science, Computer Science (R0)