IFC Inside: Retrofitting Languages with Dynamic Information Flow Control (Extended Version)
Authors
Abstract
Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control (IFC). Unfortunately, existing fine-grained approaches to JavaScript IFC require modifications to the language semantics and its engine, a non-goal for browser applications. In this work, we take the ideas of coarse-grained dynamic IFC and provide the theoretical foundation for a language-based approach that can be applied to any programming language for which external effects can be controlled. We then apply this formalism to server- and client-side JavaScript, show how it generalizes to the C programming language, and connect it to the Haskell LIO system. Our methodology offers design principles for the construction of information flow control systems when isolation can easily be achieved, as well as compositional proofs for optimized concrete implementations of these systems, by relating them to their isolated variants.
Similar resources
IFC Inside: A General Approach to Retrofitting Languages with Dynamic Information Flow Control
Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control. We formally specify a coarse-grained IFC system that can be implemented non-intrusively, resulting in much greater implement...
Flexible Dynamic Information Flow Control in the Presence of Exceptions Sequential LIO
We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system presents a new design point for IFC, influenced by the challenge of implementing IFC as a Haskell library, as opposed to the more typical approach of modifying the language runtime system. In particular, we take a coarse-grained, floating-label approach, previously used by IFC Operating Systems, a...
An Enhanced IFC Label Model to meet Application Policy Requirements
In recent projects we have investigated the use of Information Flow Control (IFC) for distributed and cloud computing. As reported elsewhere, we designed and implemented an Operating System (OS) kernel-loadable module for Linux (FlowK) to enforce IFC, and enhanced our SBUS middleware to be IFC-compliant (SBUS-IFC). FlowK’s label model follows established practice for IFC in languages and OS, bu...
Information Flow Control in WebKit's JavaScript Bytecode
Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari’s WebKit engine...
Journal title:
- CoRR
Volume abs/1501.04132 Issue
Pages -
Publication date 2015