June 2023
Segregate Third-Party JS Libraries

Typically, web authors simply load whatever library they’d like to use with full trust. In JS, such loading amounts essentially to a #include. I’m flabbergasted that this practice remains normal. It could be paranoia, but even without invoking all the security concerns, I’d be reluctant to include other people’s code simply because of the potential […]

A New Field: Information Type Flow

In my last post on Information Flow, I noticed that some flows are more informative than others. I used a switch statement for my illustrative example of that observation. But, from my experience as a software developer, I have a small aversion to switch statements. Usually, when I feel compelled to use one, it’s because […]

Not All Flows are Considered Equal

When I was writing my last post about information flow terminology, I noticed something interesting: when knowledge of control flow is used to determine the values of variables, some branches yield more information than others. Previously, I had only considered the binary if-then-else branch. Today, I shall examine a switch-case statement, which exhibits asymmetric information flow.


New Terminology in Information Flow Research

Information flow is about tracking the flows of information within a computer program, i.e. what values influence other values as the program executes. Denning and Denning looked at this problem in the late 1970’s [1, 2] and distinguished between flows that occur due to a data dependence (such as assignment) and flows which occur due […]

Strong Typing for Security

I got into a mild argument about static vs. dynamic typing. I recognize that static typing can be verbose to the point of being repetitious. Take Java generics for example:

List<String> astr = new ArrayList<String>();

There really isn’t a great reason why the compiler can’t infer the type of […]

Documentation for Progress

I’ve noticed in my work recently that documenting my work is one of the most reliable ways of making steady progress. I likely gathered the idea from the internet somewhere, or perhaps from the generous amounts of advice spewed forth from my postdoc. But I do remember, when I was looking up some stuff surrounding […]

Comparison between Object Capabilities and Information Flow

Augmenting the Capability Model with Information Flows

I’ve already convinced myself that labels are best implemented as tags on primitive values and references. In JavaScript, it is sometimes useful to view an object as a heterogeneous hash table, mapping field names to data. Having to provide a label for the object itself, rather than a […]

Approaches to JavaScript Security

This is, as best I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security.

Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an included JavaScript, passing to it only those references to the outside world that it absolutely […]

Security Typing for JavaScript

Devil in the details.

I’d like to repeat an example (given by Mark Miller in his work on E) of two different ways to copy a file, and the security implications of each. First,

shell$ cp foo.txt bar.txt

This command invokes a copy program that will:

recognize foo.txt as a filename. recognize bar.txt as another […]

The Wrapper Conundrum

In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident:

Fat Values. We can extend the native encoding of values to include a pointer to the label attached to that value. In JS, this means […]