3 research outputs found

    Guarding the Boundary: Information Flow Tracking in the Presence of Libraries

    In modern software development, the use of libraries is prevalent. Libraries pose a big security challenge. How can we ensure that sensitive data is not being leaked through libraries? This is the first question of the thesis. We propose the use of information-flow control, by developing a principled approach for allowing information-flow tracking in libraries, even if they are written in a language not supporting information-flow control. With this approach, we allow for library functions to have unlabel and relabel models, explaining how values are unlabeled and relabeled when being marshaled between the labeled program and the library. These models are used in combination with lazy marshaling to handle structured data such as lists and records, higher-order functions and references. Modern browsers allow for browser modifications through browser extensions, which have special privileges and can, e.g., modify the DOM. As extensions can be intrusive, it is in a webpage's interest to know which extensions are installed in a browser. The second question of the thesis is whether it is possible for a webpage to know which extensions are installed in the browser. We conduct a large-scale study to determine how many extensions are detectable from a webpage based on the extension's resources, showing over 50% of the top 1000 Chrome extensions can be detected, as well as how many of the Alexa top 100,000 webpages employ the technique of the paper

    Information Flow for Web Security and Privacy

    The use of libraries is prevalent in modern web development. But how to ensure sensitive data is not being leaked through these libraries? This is the first challenge this thesis aims to solve. We propose the use of information-flow control by developing a principled approach to allow information-flow tracking in libraries, even if the libraries are written in a language not supporting information-flow control. The approach allows library functions to have unlabel and relabel models that explain how values are unlabeled and relabeled when marshaled between the labeled program and the unlabeled library. The approach handles primitive values and lists, records, higher-order functions, and references through the use of lazy marshaling. Web pages can combine benign properties of a user's browser into a fingerprint, which can identify the user. Fingerprinting can be intrusive and often happens without the user's consent. The second challenge this thesis aims to solve is to bridge the gap between the principled approach of handling libraries and practical use in the information-flow aware JavaScript interpreter JSFlow. We extend JSFlow to handle libraries and be deployed in a browser, enabling information-flow tracking on web pages to detect fingerprinting. Modern browsers allow for browser modifications through browser extensions. These extensions can be intrusive by, e.g., blocking content or modifying the DOM, and it can be in the interest of web pages to detect which extensions are installed in the browser. The third challenge this thesis aims to solve is finding which browser extensions are executing in a user's browser, and investigating how the installed browser extensions can be used to decrease the privacy of users. We do this by conducting several large-scale studies and show that due to added security by browser vendors, a web page may uniquely identify a user based on the installed browser extension alone. It is popular to use filter lists to block unwanted content such as ads and tracking scripts on web pages. These filter lists are usually crowd-sourced and mainly focus on English-speaking regions. Non-English-speaking regions should use a supplementary filter list, but smaller linguistic regions may not have an up-to-date filter list. The fourth challenge this thesis aims to solve is how to automatically generate supplementary filter lists for regions which currently do not have an up-to-date filter list.

    Information Flow Tracking for Side-Effectful Libraries

    Dynamic information flow control is a promising technique for ensuring confidentiality and integrity of applications that manipulate sensitive information. While much progress has been made on increasingly powerful programming languages ranging from low-level machine languages to high-level languages for distributed systems, surprisingly little attention has been devoted to libraries and APIs. The state of the art is largely an all-or-nothing choice: either a shallow or deep library modeling approach. Seeking to break out of this restrictive choice, we formalize a general mechanism that tracks information flow for a language that includes higher-order functions, structured data types and references. A key feature of our approach is the model heap, a part of the memory, where security information is kept to enable the interaction between the labeled program and the unlabeled library. We provide a proof-of-concept implementation and report on experiments with a file system library. The system has been proved correct using Coq.