Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users' confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality. BFlow allows untrusted JavaScript to compute with, render, and store confidential data, while preventing leaks of that data. BFlow tracks confidential data as it flows within the browser, between scripts on a page and between scripts and web servers. Using these observations and assistance from participating web servers, BFlow prevents scripts that have seen confidential data from leaking it, all without disrupting the JavaScript communication techniques used in complex web pages. To achieve these ends, BFlow augments browsers with a new "protection zone" abstraction. We have implemented a BFlow browser reference monitor and server support. To evaluate BFlow's confidentiality protection and flexibility, we have built a BFlow-protected blog that supports Blogger's third party JavaScript extensions. BFlow is compatible with every legitimate Blogger extension that we have found, yet it prevents malicious extensions from leaking confidential data.