DOI: 10.1145/2103656.2103677
Research article

Multiple facets for dynamic information flow

Published: 25 January 2012

ABSTRACT

JavaScript has become a central technology of the web, but it is also the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. We implement information flow controls in Firefox to help prevent violations of data confidentiality and integrity. Most previous information flow techniques have primarily relied on either static type systems, which are a poor fit for JavaScript, or on dynamic analyses that sometimes get stuck due to problematic implicit flows, even in situations where the target web application correctly satisfies the desired security policy. We introduce faceted values, a new mechanism for providing information flow security in a dynamic manner that overcomes these limitations. Taking inspiration from secure multi-execution, we use faceted values to simultaneously and efficiently simulate multiple executions for different security levels, thus providing non-interference with minimal overhead, and without the reliance on the stuck executions of prior dynamic approaches.
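The abstract describes faceted values only at a high level. The following is an added example written for this page, not the paper's own Narcissus-based implementation, that shows the core mechanism in plain JavaScript: a faceted value `<k ? vH : vL>` carries one facet for viewers authorized for principal `k` and one for everyone else, operations are applied facet-wise, a conditional on a faceted guard runs both branches under a program-counter label instead of getting stuck, and each viewer only ever observes its own facet. All names here (`Facet`, `facet`, `applyOp`, `evalIf`, `assign`, `observe`, the `pc` representation) are this example's own choices, and the principal `H` and the sample values are constructed.

```javascript
// Faceted values for dynamic information flow (added educational example,
// not code from the paper). A faceted value <k ? vH : vL> has two facets:
// vH is what a viewer authorized for principal k sees, vL is what every
// other viewer sees.

class Facet {
  constructor(label, high, low) {
    this.label = label;
    this.high = high;
    this.low = low;
  }
}

const isFacet = (v) => v instanceof Facet;

// Build <label ? high : low>, collapsing to a plain value when both facets
// agree, so no faceted value exists where nothing depends on the secret.
function facet(label, high, low) {
  return Object.is(high, low) ? high : new Facet(label, high, low);
}

// The program-counter label pc records which view of which principal the
// current execution is simulating: {label, positive: true} is the view
// authorized for label, positive: false the unauthorized view.
const pcHas = (pc, label, positive) =>
  pc.some((b) => b.label === label && b.positive === positive);
const pcWith = (pc, label, positive) => pc.concat([{ label, positive }]);

// Run k on each facet of f that is consistent with pc and recombine the
// results as a facet on f's label. If pc already fixes a view for that
// label, only the matching facet is live and no split happens.
function splitOn(pc, f, k) {
  if (pcHas(pc, f.label, true)) return k(pc, f.high);
  if (pcHas(pc, f.label, false)) return k(pc, f.low);
  return facet(
    f.label,
    k(pcWith(pc, f.label, true), f.high),
    k(pcWith(pc, f.label, false), f.low)
  );
}

// Lift a binary operation over possibly faceted operands (explicit flows).
function applyOp(pc, op, a, b) {
  if (isFacet(a)) return splitOn(pc, a, (pc2, a2) => applyOp(pc2, op, a2, b));
  if (isFacet(b)) return splitOn(pc, b, (pc2, b2) => applyOp(pc2, op, a, b2));
  return op(a, b);
}

// Assignment under pc stores <<pc ? newVal : oldVal>>: only viewers whose
// view agrees with every branch in pc observe the update; everyone else
// keeps the old value. This is what neutralises implicit flows.
function assign(pc, store, name, newVal) {
  let result = newVal;
  for (let i = pc.length - 1; i >= 0; i--) {
    const { label, positive } = pc[i];
    result = positive
      ? facet(label, result, store[name])
      : facet(label, store[name], result);
  }
  store[name] = result;
}

// A conditional on a faceted guard runs BOTH branches, each under the
// matching pc extension, rather than stopping or leaking the guard.
function evalIf(pc, cond, thenFn, elseFn) {
  if (isFacet(cond)) {
    splitOn(pc, cond, (pc2, c) => evalIf(pc2, c, thenFn, elseFn));
    return;
  }
  if (cond) thenFn(pc); else elseFn(pc);
}

// Project a value onto the view of a viewer authorized for the given labels.
function observe(v, authorized) {
  while (isFacet(v)) v = authorized.has(v.label) ? v.high : v.low;
  return v;
}

// The classic implicit flow:  var y = true; if (secret) y = false;
// With 'secret' faceted on constructed principal H, the public view of y
// must stay true (what a run with a false secret would have produced).
function implicitFlowDemo() {
  const store = { secret: facet('H', true, false), y: true };
  evalIf([], store.secret, (pc) => assign(pc, store, 'y', false), () => {});
  return {
    publicView: observe(store.y, new Set()),       // true: nothing leaked
    privateView: observe(store.y, new Set(['H'])), // false: the real result
  };
}

// Explicit flow: arithmetic on a secret yields a faceted result, so the
// secret never reaches a public sink as a plain value.
function explicitFlowDemo() {
  const sum = applyOp([], (x, y) => x + y, facet('H', 10, 0), 5);
  return {
    publicView: observe(sum, new Set()),        // 5
    privateView: observe(sum, new Set(['H'])),  // 15
  };
}

console.log(implicitFlowDemo(), explicitFlowDemo());
```

Reading the implicit-flow case: after `if (secret) y = false`, the store holds `y = <H ? false : true>`, so an unauthorized observer sees the same `true` it would have seen had the secret been false, while an authorized observer sees the genuine result. A purely dynamic monitor with no-sensitive-upgrade would have to stop this program at the assignment; the faceted execution simply keeps both views alive.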

Supplemental Material

popl_3a_1.mp4


Published in

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2012, 602 pages
ISBN: 9781450310833
DOI: 10.1145/2103656

Also in ACM SIGPLAN Notices, Volume 47, Issue 1 (POPL '12)
January 2012, 569 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2103621

Copyright © 2012 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Overall acceptance rate: 824 of 4,130 submissions, 20%