DOI: 10.1145/2103656.2103677
Research article (POPL conference proceedings)

Multiple facets for dynamic information flow

Published: 25 January 2012

Abstract

JavaScript has become a central technology of the web, but it is also the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. We implement information flow controls in Firefox to help prevent violations of data confidentiality and integrity. Most previous information flow techniques have primarily relied on either static type systems, which are a poor fit for JavaScript, or on dynamic analyses that sometimes get stuck due to problematic implicit flows, even in situations where the target web application correctly satisfies the desired security policy. We introduce faceted values, a new mechanism for providing information flow security in a dynamic manner that overcomes these limitations. Taking inspiration from secure multi-execution, we use faceted values to simultaneously and efficiently simulate multiple executions for different security levels, thus providing non-interference with minimal overhead, and without the reliance on the stuck executions of prior dynamic approaches.
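To make the mechanism in the abstract concrete, here is an added example (written for this page, not code from the paper or from its Zaphod/Narcissus implementation) of a minimal faceted-value evaluator for one label k. It runs the classic two-conditional implicit flow that stalls purely dynamic monitors and shows that the view of an observer not authorised for k is exactly what the program would compute on the public input, while the authorised view follows the secret input; the label name k, the store layout and the inputs are assumptions of the example.

```javascript
// A faceted value <k ? vH : vL> carries vH for viewers authorised for label k and vL
// for everyone else. pc is the program-counter label set: "k" means we are executing
// inside a branch taken on a high facet, "!k" inside a branch taken on a low facet.
class Facet {
  constructor(label, high, low) { this.label = label; this.high = high; this.low = low; }
}

// Run f on every facet of v that the current pc permits, re-faceting the results.
function lift(pc, v, f) {
  if (!(v instanceof Facet)) return f(pc, v);
  const k = v.label;
  if (pc.has(k)) return lift(pc, v.high, f);
  if (pc.has("!" + k)) return lift(pc, v.low, f);
  const pcH = new Set(pc).add(k);
  const pcL = new Set(pc).add("!" + k);
  return new Facet(k, lift(pcH, v.high, f), lift(pcL, v.low, f));
}

// Assignment under pc: only the facets selected by pc change; others keep the old value.
function assign(pc, store, name, v) {
  let result = v;
  for (const entry of pc) {
    const k = entry.startsWith("!") ? entry.slice(1) : entry;
    result = entry.startsWith("!") ? new Facet(k, store.get(name), result)
                                   : new Facet(k, result, store.get(name));
  }
  store.set(name, result);
}

// if (cond) body: the body runs once per facet of cond under the matching extended pc.
function ifThen(pc, cond, body) {
  lift(pc, cond, (pc2, c) => { if (c) body(pc2); });
}

// Projection: what an observer with the given set of authorisations actually sees.
function view(v, authorized) {
  if (!(v instanceof Facet)) return v;
  return view(authorized.has(v.label) ? v.high : v.low, authorized);
}

// The implicit flow: y copies x through one branch, z copies y through another.
function implicitFlowDemo() {
  const store = new Map(), pc = new Set();
  store.set("x", new Facet("k", true, false)); // constructed secret input <k ? true : false>
  store.set("y", true);
  store.set("z", true);
  ifThen(pc, store.get("x"), (p) => assign(p, store, "y", false)); // if (x) y = false
  ifThen(pc, store.get("y"), (p) => assign(p, store, "z", false)); // if (y) z = false
  const high = new Set(["k"]), low = new Set();
  return {
    highView: { y: view(store.get("y"), high), z: view(store.get("z"), high) },
    lowView:  { y: view(store.get("y"), low),  z: view(store.get("z"), low)  },
  };
}
```

Neither branch is ever "stuck": the high view ends with y = false, z = true (the run for x = true) and the low view with y = true, z = false (the run for x = false), so the public observer learns nothing about x.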

Supplementary Material

JPG File (popl_3a_1.jpg)
ZIP File (popl002.zip)
Supplemental proofs are included in SupplementalProofs.pdf
MP4 File (popl_3a_1.mp4)


Published In

POPL '12: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 2012, 602 pages. ISBN 9781450310833, DOI 10.1145/2103656.

Also published in ACM SIGPLAN Notices, Volume 47, Issue 1 (POPL '12), January 2012, 569 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/2103621.
Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. dynamic analysis
  2. information flow control
  3. javascript
  4. web security
