Efficient purely-dynamic information flow analysis

We present a novel approach for efficiently tracking information flow in a dynamically-typed language such as JavaScript. Our approach is purely dynamic, and it detects problems with implicit paths via a dynamic check that avoids the need for an approximate static analyses while still guaranteeing non-interference. We incorporate this check into an efficient evaluation strategy based on sparse information labeling that leaves information flow labels implicit whenever possible, and introduces explicit labels only for values that migrate between security domains. We present experimental results showing that, on a range of small benchmark programs, sparse labeling provides a substantial (30%--50%) speed-up over universal labeling.

[1]  Cédric Fournet,et al.  Cryptographically sound implementations for typed information-flow security , 2008, POPL '08.

[2]  Michael Franz,et al.  Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[3]  Andrew C. Myers,et al.  Programming Languages for Information Security , 2002 .

[4]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[5]  David Sands,et al.  Termination-Insensitive Noninterference Leaks More Than Just a Bit , 2008, ESORICS.

[6]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[7]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[8]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[9]  Anindya Banerjee,et al.  Secure information flow and pointer con .nement in a java-like language , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[10]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[11]  Pedro R. D'Argenio,et al.  Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[12]  Gérard Boudol,et al.  Secure Information Flow as a Safety Property , 2009, Formal Aspects in Security and Trust.

[13]  Mason Chang,et al.  Trace-based just-in-time type specialization for dynamic languages , 2009, PLDI '09.

[14]  Wei Xu,et al.  Provably Correct Runtime Enforcement of Non-interference Properties , 2006, ICICS.

[15]  David A. Schmidt,et al.  Automata-Based Confidentiality Monitoring , 2006, ASIAN.

[16]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[17]  Pasquale Malacaria,et al.  Lagrange multipliers and maximum information leakage in different observational models , 2008, PLAS '08.

[18]  Andrew C. Myers,et al.  Securing nonintrusive web encryption through information flow , 2008, PLAS '08.

[19]  Jeffrey S. Fenton Memoryless Subsystems , 1974, Comput. J..

[20]  Benjamin Livshits,et al.  Securing web applications with static and dynamic information flow tracking , 2008, PEPM '08.

[21]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[22]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[23]  Andrew C. Myers,et al.  Security policies for downgrading , 2004, CCS '04.

[24]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[25]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[26]  Deepak Chandra,et al.  Information flow analysis and enforcement in java bytecode , 2006 .

[27]  Robert Bruce Findler,et al.  Fine-grained interoperability through mirrors and contracts , 2005, OOPSLA '05.

[28]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[29]  François Pottier,et al.  Information flow inference for ML , 2003, TOPL.

[30]  Trent Jaeger,et al.  Implicit Flows: Can't Live with 'Em, Can't Live without 'Em , 2008, ICISS.

[31]  John McLean,et al.  Proving Noninterference and Functional Correctness Using Traces , 1992, J. Comput. Secur..

[32]  Michael R. Clarkson,et al.  Information-flow security for interactive programs , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).