Abstract
Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari’s WebKit engine). Our IFC mechanism works at the level of JavaScript bytecode and hence leverages years of industrial effort on optimizing both the source-to-bytecode compiler and the bytecode interpreter. We track both explicit and implicit flows and observe only moderate overhead. Working with bytecode results in new challenges including the extensive use of unstructured control flow in bytecode (which complicates lowering of program context taints), unstructured exceptions (which complicate the matter further) and the need to make IFC analysis permissive. We explain how we address these challenges, formally model the JavaScript bytecode semantics and our instrumentation, prove the standard property of termination-insensitive non-interference, and present experimental results on an optimized prototype.
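To make explicit flows, implicit flows and the lowering of program context taints concrete, here is an added example; it is not the paper's instrumentation or WebKit code. It assumes a toy register bytecode with hypothetical opcodes, a two-level label lattice, and branch instructions that name the instruction where their paths rejoin. It uses the strict no-sensitive-upgrade check rather than the permissive analysis the abstract mentions.

```javascript
// Added illustration. Labels: false = public (L), true = secret (H).
const join = (a, b) => a || b;

// Runs a toy register bytecode; regs maps name -> { v: value, l: label }.
function run(program, regs) {
  const pcStack = [{ label: false, joinAt: -1 }]; // program-context taints
  let ip = 0;
  while (ip < program.length) {
    // Lower the context taint once control reaches the recorded join point.
    while (pcStack[pcStack.length - 1].joinAt === ip) pcStack.pop();
    const pc = pcStack[pcStack.length - 1].label;
    const [op, a, b, c] = program[ip];
    if (op === 'jmp') { ip = a; continue; }
    if (op === 'jfalse') {
      // Implicit flow: all code before join point c depends on regs[a].
      pcStack.push({ label: join(pc, regs[a].l), joinAt: c });
      ip = regs[a].v ? ip + 1 : b;
      continue;
    }
    // 'const' loads a literal; 'mov' copies a register (explicit flow).
    const src = op === 'const' ? { v: b, l: false } : regs[b];
    // No-sensitive-upgrade: a secret context must not write public data.
    if (pc && !(regs[a] && regs[a].l)) throw new Error(`IFC stop at ${ip}`);
    regs[a] = { v: src.v, l: join(src.l, pc) };
    ip += 1;
  }
  return regs;
}

// Constructed sample programs (hypothetical opcodes and register names).
const EXPLICIT = [['mov', 'out', 'secret']]; // out = secret
const BRANCH = [ // if (secret) hi = 1; else hi = 2; pub = 7
  ['jfalse', 'secret', 3, 4], ['const', 'hi', 1], ['jmp', 4],
  ['const', 'hi', 2], ['const', 'pub', 7],
];
const LEAK = [['jfalse', 'secret', 2, 2], ['const', 'pub', 1]]; // if (secret) pub = 1

const initial = (secret) => ({
  secret: { v: secret, l: true }, hi: { v: 0, l: true },
  pub: { v: 0, l: false }, out: { v: 0, l: false },
});
const blocked = (program, secret) => {
  try { run(program, initial(secret)); return false; } catch (e) { return true; }
};
```

In `BRANCH`, the write to `pub` at the join point runs under a public context again, so it keeps a public label even though the branch condition was secret.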
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bichhawat, A., Rajani, V., Garg, D., Hammer, C. (2014). Information Flow Control in WebKit’s JavaScript Bytecode. In: Abadi, M., Kremer, S. (eds) Principles of Security and Trust. POST 2014. Lecture Notes in Computer Science, vol 8414. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54792-8_9
DOI: https://doi.org/10.1007/978-3-642-54792-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54791-1
Online ISBN: 978-3-642-54792-8
eBook Packages: Computer Science (R0)