Run-time Monitoring and Formal Analysis of Information Flows in Chromium
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Abstract:
Web browsers are a key enabler of a wide range of online services, from shopping and email, to banking and health services. Because these services frequently involve handling sensitive data, a wide range of web browser security policies and mechanisms has been implemented or proposed to mitigate the dangers posed by malicious code and sites. This paper describes the development of a framework for specifying and enforcing flexible information-flow policies on the Chromium web browser. Complementing efforts that focus on information-flow enforcement on JavaScript, the framework described in this paper focuses on an existing browser and encompasses a broad range of browser features, from pages and scripts to DOM elements, events, persistent state, and extensions. In this framework, entities in the browser are annotated with information-flow labels that specify policy. Our framework is formally modeled and developed in parallel with a running prototype on top of the Chromium web browser. We demonstrate how the framework can be used to represent many existing browser policies. Experiments with our prototype confirm that the framework can enforce practically useful policies beyond those enforceable in standard web browsers, and a formal proof of noninterference validates the framework’s design.