FlowFox: A web browser with flexible and precise information flow control

Willem De Groef; Dominique Devriese; Nick Nikiforakis; Frank Piessens

doi:10.1145/2382196.2382275

FlowFox: A web browser with flexible and precise information flow control

Willem De Groef
, Dominique Devriese
, Nick Nikiforakis
, Frank Piessens

Computer Science

KU Leuven

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

123 Scopus citations

Abstract

We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution. We demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over the last years. We also show that FlowFox is compatible with the current web, by investigating its behavior on the Alexa top-500 web sites, many of which make intricate use of JavaScript. The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.

Original language	English
Title of host publication	CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages	748-759
Number of pages	12
DOIs	https://doi.org/10.1145/2382196.2382275
State	Published - 2012
Event	2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States Duration: Oct 16 2012 → Oct 18 2012

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/Territory	United States
City	Raleigh, NC
Period	10/16/12 → 10/18/12

Keywords

Information flow
Web browser architecture
Web security

Access to Document

10.1145/2382196.2382275

Cite this

@inproceedings{b7182316c8354d689b07f79076364204,

title = "FlowFox: A web browser with flexible and precise information flow control",

abstract = "We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution. We demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over the last years. We also show that FlowFox is compatible with the current web, by investigating its behavior on the Alexa top-500 web sites, many of which make intricate use of JavaScript. The performance and memory cost of FlowFox is substantial (a performance cost of around 20\% on macro benchmarks for a simple two level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.",

keywords = "Information flow, Web browser architecture, Web security",

author = "\{De Groef\}, Willem and Dominique Devriese and Nick Nikiforakis and Frank Piessens",

year = "2012",

doi = "10.1145/2382196.2382275",

language = "English",

isbn = "9781450316507",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "748--759",

booktitle = "CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security",

note = "2012 ACM Conference on Computer and Communications Security, CCS 2012 ; Conference date: 16-10-2012 Through 18-10-2012",

}

De Groef, W, Devriese, D, Nikiforakis, N & Piessens, F 2012, FlowFox: A web browser with flexible and precise information flow control. in CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, pp. 748-759, 2012 ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, United States, 10/16/12. https://doi.org/10.1145/2382196.2382275

FlowFox: A web browser with flexible and precise information flow control. / De Groef, Willem; Devriese, Dominique; Nikiforakis, Nick et al.
CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security. 2012. p. 748-759 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - FlowFox

T2 - 2012 ACM Conference on Computer and Communications Security, CCS 2012

AU - De Groef, Willem

AU - Devriese, Dominique

AU - Nikiforakis, Nick

AU - Piessens, Frank

PY - 2012

Y1 - 2012

N2 - We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution. We demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over the last years. We also show that FlowFox is compatible with the current web, by investigating its behavior on the Alexa top-500 web sites, many of which make intricate use of JavaScript. The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.

AB - We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution. We demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over the last years. We also show that FlowFox is compatible with the current web, by investigating its behavior on the Alexa top-500 web sites, many of which make intricate use of JavaScript. The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.

KW - Information flow

KW - Web browser architecture

KW - Web security

UR - https://www.scopus.com/pages/publications/84869386885

U2 - 10.1145/2382196.2382275

DO - 10.1145/2382196.2382275

M3 - Conference contribution

AN - SCOPUS:84869386885

SN - 9781450316507

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 748

EP - 759

BT - CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security

Y2 - 16 October 2012 through 18 October 2012

ER -

FlowFox: A web browser with flexible and precise information flow control

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this