A Self-correcting Information Flow Control Model for the Web-Browser
详细信息 查看全文
- 刊名:Lecture Notes in Computer Science
- 出版年:2017
- 出版时间:2017
- 年:2017
- 卷:10128
- 期:1
- 页码:285-301
- 丛书名:Foundations and Practice of Security
- ISBN:978-3-319-51966-1
- 卷排序:10128
文摘
Web-browser security with emphasis on JavaScript security, is one of the important problems of the modern world. The potency of information flow control (IFC) in the context of JavaScript is quite appealing. In this paper, we adopt an earlier technique, Address Split Design (ASD), proposed by Deepak et al. [12]. We propose an alternate data-structure to the dictionaries used in ASD to keep track of secret variables. We also propose a novel approach to help track and learn from information flows. This learnt data can subsequently be used to create a more adaptive and effective IFC model. As the information about a function augments, potential leaks are also thwarted. Using such an approach, we show that more rigid security guarantees can be achieved eventually with increase in learnt data.