Publications (7 of 7)
Sjösten, A., Hedin, D. & Sabelfeld, A. (2018). Information flow tracking for side-effectful libraries. In: Lect. Notes Comput. Sci. Paper presented at a conference held 18 June 2018 through 21 June 2018 (pp. 141-160). Springer Verlag
Information flow tracking for side-effectful libraries
2018 (English) In: Lect. Notes Comput. Sci., Springer Verlag, 2018, p. 141-160. Conference paper, Published paper (Refereed)
Abstract [en]

Dynamic information flow control is a promising technique for ensuring confidentiality and integrity of applications that manipulate sensitive information. While much progress has been made on increasingly powerful programming languages ranging from low-level machine languages to high-level languages for distributed systems, surprisingly little attention has been devoted to libraries and APIs. The state of the art is largely an all-or-nothing choice: either a shallow or deep library modeling approach. Seeking to break out of this restrictive choice, we formalize a general mechanism that tracks information flow for a language that includes higher-order functions, structured data types and references. A key feature of our approach is the model heap, a part of the memory, where security information is kept to enable the interaction between the labeled program and the unlabeled library. We provide a proof-of-concept implementation and report on experiments with a file system library. The system has been proved correct using Coq.

Place, publisher, year, edition, pages
Springer Verlag, 2018
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10854 LNCS
Keywords
Application programming interfaces (API), High level languages, Libraries, Network security, Theorem proving, Distributed systems, Dynamic information, Higher order functions, Information flow tracking, Information flows, Machine languages, Sensitive informations, State of the art, Distributed computer systems
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-39983 (URN); 10.1007/978-3-319-92612-4_8 (DOI); 2-s2.0-85048217179 (Scopus ID); 9783319926117 (ISBN)
Conference
Held 18 June 2018 through 21 June 2018
Available from: 2018-06-21 Created: 2018-06-21 Last updated: 2018-06-21 Bibliographically approved
Hedin, D., Sjösten, A., Piessens, F. & Sabelfeld, A. (2017). A principled approach to tracking information flow in the presence of libraries. Paper presented at the 6th Conference on Principles of Security and Trust, POST 2017, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017; Uppsala, Sweden; 22 April 2017 through 29 April 2017 (pp. 49-70). Springer Verlag
A principled approach to tracking information flow in the presence of libraries
2017 (English) Conference paper, Published paper (Refereed)
Abstract [en]

There has been encouraging progress on information flow control for programs in increasingly complex programming languages, tracking the propagation of information from input sources to output sinks. Yet, programs are typically deployed in an environment with rich APIs and powerful libraries, posing challenges for information flow control when the code for these APIs and libraries is either unavailable or written in a different language. This paper presents a principled approach to tracking information flow in the presence of libraries. With the goal to strike the balance between security and precision, we present a framework that explores the middle ground between the “shallow”, signature-based modeling of libraries and the “deep”, stateful approach, where library models need to be supplied manually. We formalize our approach for a core language, extend it with lists and higher-order functions, and establish soundness results with respect to the security condition of noninterference.
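
The contrast this abstract draws between "shallow", signature-based library models and "deep", stateful ones, together with the model heap described in the 2018 abstract above, as an added illustration in JavaScript. This is example code written for this page, not JSFlow's or the papers' own code: the two-point lattice LOW < HIGH, the toy in-memory file-system library, and the names shallowCall, modelFs and modelHeap are assumptions made for the illustration.

```javascript
// Added illustration (not JSFlow or the papers' code): explicit-flow tracking
// over labeled values, and two ways of letting labeled program code call an
// unlabeled library. The two-point lattice LOW < HIGH is an assumption.
const LOW = 0, HIGH = 1;
const join = (a, b) => Math.max(a, b);
const lab = (value, label) => ({ value, label });   // labeled value

// Explicit flow: the result carries the join of the operand labels.
function add(a, b) { return lab(a.value + b.value, join(a.label, b.label)); }

// Sink check: only LOW-labeled values may leave the monitored program.
function canRelease(v) { return v.label === LOW; }

// Unlabeled, side-effectful library (assumed here): a toy in-memory file
// system that knows nothing about labels.
function makeFs() {
  const files = new Map();
  return {
    write(name, data) { files.set(name, data); },
    read(name) { return files.get(name); },
  };
}

// Shallow (signature-based) model: strip labels from the arguments, call the
// library, and label the result with the join of all argument labels. Sound
// for pure functions only: a label carried into library state by one call is
// invisible to a later call.
function shallowCall(fn, args) {
  const lbl = args.reduce((acc, a) => join(acc, a.label), LOW);
  return lab(fn(...args.map(a => a.value)), lbl);
}

// Stateful model with a model heap: the library keeps storing plain values,
// while a separate map (the model heap) keeps the label of each file's
// contents. Reads recombine the plain value with the stored label.
function modelFs(fs) {
  const modelHeap = new Map();                     // file name -> label
  return {
    write(name, data) {
      fs.write(name.value, data.value);
      modelHeap.set(name.value, join(name.label, data.label));
    },
    read(name) {
      const stored = modelHeap.has(name.value) ? modelHeap.get(name.value) : LOW;
      return lab(fs.read(name.value), join(name.label, stored));
    },
  };
}

// A secret written through the shallow model and read back: the label is lost.
function demoShallowLosesFlow() {
  const fs = makeFs();
  shallowCall(fs.write, [lab("f", LOW), lab("s3cr3t", HIGH)]); // HIGH result, discarded
  return shallowCall(fs.read, [lab("f", LOW)]);                // "s3cr3t" labeled LOW
}

// The same sequence through the model heap: the read is correctly HIGH.
function demoModelHeapKeepsFlow() {
  const m = modelFs(makeFs());
  m.write(lab("f", LOW), lab("s3cr3t", HIGH));
  return m.read(lab("f", LOW));                                // "s3cr3t" labeled HIGH
}
```

With the shallow model, canRelease(demoShallowLosesFlow()) is true and a sink check would let the secret out; with the model heap it is false. The point of keeping the labels in a structure beside the library rather than inside it is that the library code itself stays unmodified and unlabeled, which is what makes the approach applicable when that code is unavailable or written in another language.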

Place, publisher, year, edition, pages
Springer Verlag, 2017
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10204 LNCS
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-35385 (URN); 10.1007/978-3-662-54455-6_3 (DOI); 000425526300003 (ISI); 2-s2.0-85018650361 (Scopus ID); 9783662544549 (ISBN)
Conference
6th Conference on Principles of Security and Trust, POST 2017, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017; Uppsala, Sweden; 22 April 2017 through 29 April 2017
Available from: 2017-05-24 Created: 2017-05-24 Last updated: 2018-03-08 Bibliographically approved
Hedin, D. (2016). App security with JSFlow. In: Proceedings - International Conference on Mobile Software Engineering and Systems, MOBILESoft 2016. Paper presented at the IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft 2016, 16 May 2016 through 17 May 2016 (pp. 289-290).
App security with JSFlow
2016 (English) In: Proceedings - International Conference on Mobile Software Engineering and Systems, MOBILESoft 2016, 2016, p. 289-290. Conference paper, Published paper (Refereed)
Abstract [en]

This abstract accompanies a demo of app security using JSFlow [7]. The interested reader is encouraged to try the JSFlow tool [8] and get a full account of the theory and practice behind JSFlow, as detailed in a journal article [9]. The web has transitioned from simple, static pages to full-fledged applications. When loading a web application, content and scripts may be downloaded from various sources: the 1st party (the application provider), 3rd parties (e.g., library or service providers), as well as other users (indirectly, via user-generated content). The situation where any of these sources is untrustworthy or malicious may lead to attacker-controlled code being executed on users' machines. This is particularly problematic, since attacker-controlled code allows for complete circumvention of traditional protection mechanisms, and puts users in a situation where they cannot trust applications with sensitive information without endangering the confidentiality of the information.

Keywords
Abstracting, Application providers, Journal articles, Protection mechanisms, Sensitive informations, Service provider, Theory and practice, User-generated content, WEB application, Software engineering
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-33114 (URN); 10.1145/2897073.2897714 (DOI); 000398537300053 (ISI); 2-s2.0-84983509303 (Scopus ID); 9781450341783 (ISBN)
Conference
IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft 2016, 16 May 2016 through 17 May 2016
Available from: 2016-09-08 Created: 2016-09-08 Last updated: 2018-01-10 Bibliographically approved
Hedin, D., Bello, L. & Sabelfeld, A. (2016). Information-flow security for JavaScript and its APIs. Journal of Computer Security, 24(2), 181-234
Information-flow security for JavaScript and its APIs
2016 (English) In: Journal of Computer Security, ISSN 0926-227X, E-ISSN 1875-8924, Vol. 24, no 2, p. 181-234. Article in journal (Refereed) Published
Abstract [en]

JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Script inclusion poses a challenge of ensuring that the integrated third-party code respects security and privacy. This paper presents a dynamic mechanism for securing script executions by tracking information flow in JavaScript and its APIs. On the formal side, the paper identifies language constructs that constitute a core of JavaScript: dynamic objects, higher-order functions, exceptions, and dynamic code evaluation. It develops a dynamic type system that guarantees information-flow security for this language. Based on this formal model, the paper presents JSFlow, a practical security-enhanced interpreter for fine-grained tracking of information flow in full JavaScript and its APIs. Our experiments with JSFlow deployed as a browser extension provide in-depth understanding of information manipulation by third-party scripts. We find that different sites intended to provide similar services effectuate rather different security policies for the user's sensitive information: some ensure it does not leave the browser, others share it with the originating server, while yet others freely propagate it to third parties.

Keywords
information flow, JavaScript, noninterference, reference monitoring, Web application security, Codes (symbols), Computational linguistics, Dynamics, High level languages, Java programming language, Security of data, Websites, World Wide Web, XML, Higher order functions, In-depth understanding, Information flow security, Information flows, Information manipulation, Network security
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-31584 (URN); 10.3233/JCS-160544 (DOI); 000374759200002 (ISI); 2-s2.0-84965075936 (Scopus ID)
Available from: 2016-05-13 Created: 2016-05-13 Last updated: 2017-11-30 Bibliographically approved
Hedin, D. & Sabelfeld, A. (2016). Web Application Security Using JSFlow. In: Proceedings - 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2015. Paper presented at the 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2015; Timisoara, Romania; 21 September 2015 through 24 September 2015 (pp. 16-19).
Web Application Security Using JSFlow
2016 (English) In: Proceedings - 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2015, 2016, p. 16-19. Conference paper, Published paper (Refereed)
Abstract [en]

Web applications are often vulnerable to code injection attacks and to attacks through buggy or malicious libraries. Unfortunately, the current protection mechanisms are frequently ad hoc, as a response to attacks after the fact. This has led to a plethora of specialized protection mechanisms that are often brittle and insufficient to guarantee security. This extended abstract accompanies a tutorial on web application security using JSFlow, an information-flow aware interpreter for full non-strict ECMA-262 (v.5). In contrast to access control, which most current protection mechanisms apply, information-flow control focuses on what applications are allowed to do with the information they access. This removes the inherent trust that access control places on entities that are granted access. Dispensing with this trust is key for the protection to withstand bypassing in the presence of untrustworthy 3rd party code and code injection attacks. Based on two practical attacks against an example web application, Hrafn, we demonstrate the power of JSFlow. The attacks model the scenario where the current standard protection mechanisms are bypassed or not applicable. By using a simple and natural security policy, we show how both attacks are prevented by JSFlow. Although information-flow control has not been tailor-made to prevent this kind of attack, it offers a uniform line of defense against untrustworthy and malicious code and ensures confidentiality of sensitive data.

Keywords
Internet, authorisation, JSFlow, Web application security, access control, buggy, code injection attack, information-flow aware interpreter, information-flow control, malicious library, natural security policy, nonstrict ECMA-262-v.5, sensitive data confidentiality, untrustworthy 3rd party code, Browsers, Monitoring, Servers, Uniform resource locators, Web pages
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-31560 (URN); 10.1109/SYNASC.2015.11 (DOI); 000384643800004 (ISI); 2-s2.0-84964871155 (Scopus ID); 978-1-5090-0461-4 (ISBN)
Conference
17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2015; Timisoara, Romania; 21 September 2015 through 24 September 2015
Available from: 2016-05-11 Created: 2016-05-11 Last updated: 2019-06-25 Bibliographically approved
Bello, L., Hedin, D. & Sabelfeld, A. (2015). Value Sensitivity and Observable Abstract Values for Information Flow Control. In: 20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, LPAR'15. Paper presented at the 20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, LPAR'15, 23 Nov 2015, Suva, Fiji (pp. 63-78).
Value Sensitivity and Observable Abstract Values for Information Flow Control
2015 (English) In: 20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, LPAR'15, 2015, p. 63-78. Conference paper, Published paper (Refereed)
Abstract [en]

Much progress has recently been made on information flow control, enabling the enforcement of increasingly rich policies for increasingly expressive programming languages. This has resulted in tools for mainstream programming languages as JavaScript, Java, Caml, and Ada that enforce versatile security policies. However, a roadblock on the way to wider adoption of these tools has been their limited permissiveness (high number of false positives). Flow-, context-, and object-sensitive techniques have been suggested to improve the precision of static information flow control and dynamic monitors have been explored to leverage the knowledge about the current run for precision. This paper explores value sensitivity to boost the permissiveness of information flow control. We show that both dynamic and hybrid information flow mechanisms benefit from value sensitivity. Further, we introduce the concept of observable abstract values to generalize and leverage the power of value sensitivity to richer programming languages. We demonstrate the usefulness of the approach by comparing it to known disciplines for dealing with information flow in dynamic and hybrid settings.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-30487 (URN); 10.1007/978-3-662-48899-7_5 (DOI); 000375574900005 (ISI); 2-s2.0-84952650183 (Scopus ID); 978-3-662-48898-0 (ISBN)
Conference
20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, LPAR'15, 23 Nov 2015, Suva, Fiji
Available from: 2015-12-21 Created: 2015-12-21 Last updated: 2017-01-03 Bibliographically approved
Hedin, D., Bello, L. & Sabelfeld, A. (2015). Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language. In: Proceedings of the Computer Security Foundations Workshop, vol. 2015. Paper presented at the 28th IEEE Computer Security Foundations Symposium, CSF'15, 13-17 Jul 2015, Verona, Italy (pp. 351-365).
Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language
2015 (English) In: Proceedings of the Computer Security Foundations Workshop, vol. 2015, 2015, p. 351-365. Conference paper, Published paper (Refereed)
Abstract [en]

Secure integration of third-party code is one of the prime challenges for securing today's web. Recent empirical studies give evidence of pervasive reliance on and excessive trust in third-party JavaScript, with no adequate security mechanism to limit the trust or the extent of its abuse. Information flow control is a promising approach for controlling the behavior of third-party code and enforcing confidentiality and integrity policies. While much progress has been made on static and dynamic approaches to information flow control, only recently have their combinations received attention. Purely static analysis falls short of addressing dynamic language features such as dynamic objects and dynamic code evaluation, while purely dynamic analysis suffers from an inability to predict side effects in non-performed executions. This paper develops a value-sensitive hybrid mechanism for tracking information flow in a JavaScript-like language. The mechanism consists of a dynamic monitor empowered to invoke a static component on the fly. This enables us to achieve a sound yet permissive enforcement. We establish formal soundness results with respect to the security policy of noninterference. In addition, we demonstrate permissiveness by proving that we subsume the precision of purely static analysis and by presenting a collection of common programming patterns that indicate that our mechanism has the potential to provide more permissiveness than dynamic mechanisms in practice.
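
The "dynamic monitor empowered to invoke a static component on the fly" of this abstract, and the limited permissiveness of purely dynamic monitors that the LPAR'15 abstract above motivates, as an added illustration in JavaScript. This is example code written for this page, not the paper's mechanism or JSFlow: the interpreter is for a tiny imperative language whose AST shape is an assumption, the lattice is the two-point LOW < HIGH, and the static component is only the classic "variables assigned in either branch" pass; the paper's value sensitivity is not modeled here.

```javascript
// Added illustration (not the paper's mechanism): a monitor for a tiny
// imperative language, run in two modes.
//  - "dynamic": no-sensitive-upgrade (NSU). Assigning a public variable under
//    a secret control context stops the program.
//  - "hybrid": before executing a branch on a secret condition, a static pass
//    over BOTH branches raises the label of every variable either branch may
//    assign, so the run continues and the leak is caught at the sink instead.
// Assumed AST: {t:"assign", x, e} | {t:"if", c, then:[...], els:[...]}
// Expressions:  {t:"const", v} | {t:"var", x}
const LOW = 0, HIGH = 1;
const join = (a, b) => Math.max(a, b);

// Static component: names assigned anywhere in a statement list.
function assignedVars(stmts, acc = new Set()) {
  for (const s of stmts) {
    if (s.t === "assign") acc.add(s.x);
    else if (s.t === "if") { assignedVars(s.then, acc); assignedVars(s.els, acc); }
  }
  return acc;
}

function evalExpr(e, env) {
  if (e.t === "const") return { value: e.v, label: LOW };
  return env.get(e.x);                       // labeled value from the store
}

// Executes stmts against env (name -> {value, label}) under control label pc.
// Returns env; throws in dynamic mode when NSU is violated.
function run(stmts, env, mode, pc = LOW) {
  for (const s of stmts) {
    if (s.t === "assign") {
      const cur = env.get(s.x);
      if (mode === "dynamic" && pc === HIGH && cur && cur.label === LOW)
        throw new Error(`NSU violation: public ${s.x} assigned under secret context`);
      const r = evalExpr(s.e, env);
      env.set(s.x, { value: r.value, label: join(r.label, pc) });
    } else if (s.t === "if") {
      const c = evalExpr(s.c, env);
      const pc2 = join(pc, c.label);
      if (mode === "hybrid" && pc2 === HIGH) {
        // Static pre-upgrade: the untaken branch's side effects are accounted
        // for by raising the labels before either branch runs.
        for (const x of assignedVars([s])) {
          const cur = env.get(x) || { value: undefined, label: LOW };
          env.set(x, { value: cur.value, label: HIGH });
        }
      }
      run(c.value ? s.then : s.els, env, mode, pc2);
    }
  }
  return env;
}

// Constructed test program: the classic implicit flow that copies the secret
// h into l without ever reading h on the right-hand side of an assignment.
//   l = 0; if (h) { l = 1 }
const implicitLeak = [
  { t: "assign", x: "l", e: { t: "const", v: 0 } },
  { t: "if", c: { t: "var", x: "h" },
    then: [{ t: "assign", x: "l", e: { t: "const", v: 1 } }],
    els: [] },
];

// Runs implicitLeak with h = true/false and reports the final l, or the error.
function runWith(h, mode) {
  const env = new Map([["h", { value: h, label: HIGH }]]);
  try { return { ok: true, l: run(implicitLeak, env, mode).get("l") }; }
  catch (err) { return { ok: false, error: err.message }; }
}
```

In dynamic mode runWith(true, "dynamic") aborts with an NSU violation while runWith(false, "dynamic") completes with l still public, so an observer who can see whether the run finished learns h; that is the termination-insensitive guarantee such monitors give, and it is also why they are unpermissive in practice, since a harmless program that happens to branch on a secret is killed. In hybrid mode both runs complete, l carries HIGH in both, and the leak is stopped only if l reaches a sink that checks labels.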

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-30486 (URN); 10.1109/CSF.2015.31 (DOI); 000380428500024 (ISI); 2-s2.0-84961373634 (Scopus ID); 978-1-4673-7538-2 (ISBN)
Conference
28th IEEE Computer Security Foundations Symposium, CSF'15, 13-17 Jul 2015, Verona, Italy
Available from: 2015-12-21 Created: 2015-12-21 Last updated: 2019-01-28 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-6621-8390