Declassification of Faceted Values in JavaScript

This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification. In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various declassification mechanisms

Joint Wireless Information and Energy Transfer with Reduced Feedback in MIMO Interference Channels

To determine the transmission strategy for joint wireless information and energy transfer (JWIET) in the MIMO interference channel (IFC), the information access point (IAP) and energy access point (EAP) require the channel state information (CSI) of their associated links to both the information-decoding (ID) mobile stations (MSs) and energy-harvesting (EH) MSs (so-called local CSI). In this paper, to reduce th e feedback overhead of MSs for the JWIET in two-user MIMO IFC, we propose a Geodesic energy beamforming scheme that requires partial CSI at the EAP. Furthermore, in the two-user MIMO IFC, it is proved that the Geodesic energy beamforming is the optimal strategy. By adding a rank-one constraint on the transmit signal covariance of IAP, we can further reduce the feedback overhead to IAP by exploiting Geodesic information beamforming. Under the rank-one constraint of IAP's transmit signal, we prove that Geodesic information/energy beamforming approach is the optimal strategy for JWIET in the two-user MIMO IFC. We also discuss the extension of the proposed rank-one Geodesic information/energy beamforming strategies to general K-user MIMO IFC. Finally, by analyzing the achievable rate-energy performance statistically under imperfect partial CSIT, we propose an adaptive bit allocation strategy for both EH MS and ID MS.Comment: accepted to IEEE Journal of Selected Areas in Communications (IEEE JSAC), Special Issue on Wireless Communications Powered by Energy Harvesting and Wireless Energy Transfe

Information Flow Control in WebKit's JavaScript Bytecode

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari's WebKit engine). Our IFC mechanism works at the level of JavaScript bytecode and hence leverages years of industrial effort on optimizing both the source to bytecode compiler and the bytecode interpreter. We track both explicit and implicit flows and observe only moderate overhead. Working with bytecode results in new challenges including the extensive use of unstructured control flow in bytecode (which complicates lowering of program context taints), unstructured exceptions (which complicate the matter further) and the need to make IFC analysis permissive. We explain how we address these challenges, formally model the JavaScript bytecode semantics and our instrumentation, prove the standard property of termination-insensitive non-interference, and present experimental results on an optimized prototype

Dynamic IFC Theorems for Free!

We show that noninterference and transparency, the key soundness theorems for dynamic IFC libraries, can be obtained "for free", as direct consequences of the more general parametricity theorem of type abstraction. This allows us to give very short soundness proofs for dynamic IFC libraries such as faceted values and LIO. Our proofs stay short even when fully mechanized for Agda implementations of the libraries in terms of type abstraction.Comment: CSF 2021 final versio