A self-correcting information flow control model for the web-browser

Deepak Subramanian 1 Guillaume Hiet 1 Christophe Bidan 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Web-browser security with emphasis on JavaScript security, is one of the important problems of the modern world. The potency of information flow control (IFC) in the context of JavaScript is quite appealing. In this paper, we adopt an earlier technique, Address Split Design (ASD), proposed by Deepak et al. [12]. We propose an alternate data-structure to the dictionaries used in ASD to keep track of secret variables. We also propose a novel approach to help track and learn from information flows. This learnt data can subsequently be used to create a more adaptive and effective IFC model. As the information about a function augments, potential leaks are also thwarted. Using such an approach, we show that more rigid security guarantees can be achieved eventually with increase in learnt data.
Type de document :
Communication dans un congrès
FPS 2016 - The 9th International Symposium on Foundations & Practice of Security, Oct 2016, Québec City, Canada. 10128, pp.285-301, Lecture Notes in Computer Science. 〈https://www.fps2016.fsg.ulaval.ca/no_cache/home/〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01398192
Contributeur : Guillaume Hiet <>
Soumis le : mercredi 16 novembre 2016 - 19:17:35
Dernière modification le : mercredi 11 avril 2018 - 02:01:23

Identifiants

  • HAL Id : hal-01398192, version 1

Citation

Deepak Subramanian, Guillaume Hiet, Christophe Bidan. A self-correcting information flow control model for the web-browser. FPS 2016 - The 9th International Symposium on Foundations & Practice of Security, Oct 2016, Québec City, Canada. 10128, pp.285-301, Lecture Notes in Computer Science. 〈https://www.fps2016.fsg.ulaval.ca/no_cache/home/〉. 〈hal-01398192〉

Partager

Métriques

Consultations de la notice

1001