Information Flow Control in WebKit's JavaScript Bytecode

Authors

  • Abhishek Bichhawat
  • Vineet Rajani
  • Deepak Garg
  • Christian Hammer
Abstract

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari’s WebKit engine). Our IFC mechanism works at the level of JavaScript bytecode and hence leverages years of industrial effort on optimizing both the source to bytecode compiler and the bytecode interpreter. We track both explicit and implicit flows and observe only moderate overhead. Working with bytecode results in new challenges including the extensive use of unstructured control flow in bytecode (which complicates lowering of program context taints), unstructured exceptions (which complicate the matter further) and the need to make IFC analysis permissive. We explain how we address these challenges, formally model the JavaScript bytecode semantics and our instrumentation, prove the standard property of termination-insensitive non-interference, and present experimental results on an optimized prototype.


Similar resources

Information Flow Analysis for Java Bytecode

We present a context-sensitive compositional analysis of information flow for full (mono-threaded) Java bytecode. Our idea consists in transforming the Java bytecode into a control-flow graph of basic blocks of code such that the complex features of the Java bytecode are made explicit. The analysis is based on modeling the information flow dependencies with Boolean functions which leads to an accur...


From bytecode to JavaScript: the Js_of_ocaml compiler

We present the design and implementation of a compiler from OCaml bytecode to JavaScript. The compiler first translates the bytecode into an SSA intermediate representation on which optimizations are performed, before generating JavaScript. We believe that taking bytecode as input instead of a high-level language is a sensible choice. Virtual machines provide a very stable API. Such a compiler i...


Java Bytecode Dependence Analysis for Secure Information Flow

Java programs can be transmitted and executed on another host in bytecode format, thus the sensitive information of the host may be leaked via these assembly-like programs. Information flow policy can ensure data confidentiality, however, conventional information flow analysis mainly focused on the programs written in high-level programming languages and is generally performed by type checking ...


IFC Inside: Retrofitting Languages with Dynamic Information Flow Control (Extended Version)

Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control (IFC). Unfortunately existing fine-grained approaches to JavaScript IFC require modifications to the language semantics and i...


Checking secure information flow in Java bytecode by code transformation and standard bytecode verification

A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error d...




Publication date: 2014