DOI: 10.1145/2947626.2947645
research-article

Preventive information flow control through a mechanism of split addresses

Published: 20 July 2016 Publication History

Abstract

The security of the web-browser and JavaScript is pivotal in today's world. The potency of information flow control in the context of JavaScript is quite appealing. In this paper, we propose a new secure information flow control model specifically designed for JavaScript. In our approach, we augment the standard symbol table with a mechanism that replaces the reference address for secret values based on the current execution stack. This mechanism also ensures that the secret is stored in a dedicated memory location that can only be accessed by the internal JIT compiler, thereby protecting the variable from any unintended leakage or modification by a malicious JavaScript.


Cited By

  • (2016) A Self-correcting Information Flow Control Model for the Web-Browser. Foundations and Practice of Security, 10.1007/978-3-319-51966-1_19 (285-301). Online publication date: 29-Dec-2016

    Published In

    SIN '16: Proceedings of the 9th International Conference on Security of Information and Networks
    July 2016
    186 pages
    ISBN:9781450347648
    DOI:10.1145/2947626

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SIN '16

    Acceptance Rates

    SIN '16 Paper Acceptance Rate 12 of 46 submissions, 26%;
    Overall Acceptance Rate 102 of 289 submissions, 35%
