Project Details
Information Flow Control for Browser Clients
Subject Area
Software Engineering and Programming Languages
Term
from 2012 to 2017
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 227985203
Modern web applications often compose JavaScript from mutually distrusting sources (e.g., a trusted office suite that is supported by untrusted ad networks). However, current browsers support only coarse-grained isolation of code from different sources, which results in confidentiality and integrity issues that manifest in Internet worms and identity theft. Information flow control (IFC) is effective at countering such threats. Accordingly, there has been extensive research in IFC for dynamic languages that resemble JavaScript in the past five years. However, the state of the art in this area is either limited to subsets of JavaScript or requires additional code annotations to track implicit flows.

In recent work, we developed an IFC mechanism for full JavaScript that does not require any code annotations, modeled the intermediate representation of a production JavaScript infrastructure and proved our IFC analysis sound for a standard security property, noninterference. Herein, we propose to scale that research infrastructure to realistic web applications that require client-side confidentiality and integrity properties. We plan to focus on two dimensions that are critical to realistic web pages: the permissiveness of our analysis and the expressiveness of our security policies, in particular policies for declassification.

Concretely, we propose to improve the permissiveness of our existing IFC for JavaScript using state-of-the-art static and dynamic program analyses and speculative execution, and to refine the corresponding theoretical foundations. In addition, we plan to extend our IFC mechanism to new industry standards like HTML5 persistent data, which are crucial for upcoming web applications. We also plan to integrate declassification policies to protect user data from malicious JavaScript and to protect website data from users. Further, we will integrate speculative execution, which improves permissiveness, allows for graceful recovery from policy violations and supports richer declassification policies. Finally, we will evaluate our IFC framework on realistic web pages using targeted case studies.
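The implicit flows the description refers to are the reason annotation-free dynamic IFC is hard: a secret can influence a public variable without ever being copied into it. The following is an added illustration, not code from the project: a minimal labelled-value monitor (the `Monitor` class, `classicLeak` and the `L`/`H` labels are constructed for this example) run over the textbook two-branch leak, once with plain pc-tainting and once with the no-sensitive-upgrade (NSU) rule that makes the monitor enforce noninterference on the public sink.

```javascript
// Two-point lattice: 'L' (public) below 'H' (secret).
const join = (a, b) => (a === 'H' || b === 'H' ? 'H' : 'L');

// Minimal dynamic IFC monitor: labelled values {v, l}, a pc-label stack
// for implicit flows, and an optional no-sensitive-upgrade (NSU) check.
class Monitor {
  constructor(nsu) { this.nsu = nsu; this.pc = ['L']; this.store = {}; }
  get pcLabel() { return this.pc[this.pc.length - 1]; }
  lit(v) { return { v, l: 'L' }; }
  secret(v) { return { v, l: 'H' }; }
  read(name) { return this.store[name]; }
  // Assignment: the stored value is tainted with the current pc. Under NSU,
  // a public variable may not be written while branching on a secret.
  assign(name, val) {
    const cur = this.store[name];
    if (this.nsu && cur && cur.l === 'L' && this.pcLabel === 'H') {
      throw new Error(`NSU: cannot upgrade public variable '${name}' in secret context`);
    }
    this.store[name] = { v: val.v, l: join(val.l, this.pcLabel) };
  }
  // Branching on a value raises the pc label for the body (implicit flow).
  branch(cond, body) {
    this.pc.push(join(this.pcLabel, cond.l));
    try { if (cond.v) body(); } finally { this.pc.pop(); }
  }
  // Public sink: only 'L'-labelled values may leave.
  lowOutput(val) {
    if (val.l !== 'L') throw new Error('blocked: secret-labelled value at public sink');
    return val.v;
  }
}

// Classic implicit-flow leak: l ends up equal to h with no explicit flow.
//   l = 1; t = 1; if (h) t = 0; if (t) l = 0; output(l)
// Returns the value reaching the public sink, or 'blocked' if the monitor stops the run.
function classicLeak(h, nsu) {
  const m = new Monitor(nsu);
  try {
    m.assign('l', m.lit(1));
    m.assign('t', m.lit(1));
    m.branch(m.secret(h), () => m.assign('t', m.lit(0)));
    m.branch(m.read('t'), () => m.assign('l', m.lit(0)));
    return m.lowOutput(m.read('l'));
  } catch (e) {
    return 'blocked';
  }
}
```

Without NSU the public output equals the secret bit (0 for h=0, 1 for h=1), so pc-tainting alone is not sound; with NSU the run for h=1 is stopped before the public variable is upgraded, and the only remaining difference between the two runs is whether the program completes, the termination channel this kind of monitor does not close.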
DFG Programme
Priority Programmes
Subproject of
SPP 1496:
Reliably Secure Software Systems