Staged Information Flow for JavaScript

Ravi Chugh, Jeffrey A. Meister, Ranjit Jhala, and Sorin Lerner

Modern websites are powered by JavaScript, a flexible dynamic scripting language that executes in client browsers. A common paradigm in such websites is to include third-party JavaScript code in the form of libraries or advertisements. If this code were malicious, it could read sensitive information from the page or write to the location bar, thus redirecting the user to a malicious page, from which the entire machine could be compromised.

We present an information-flow based approach for inferring the effects that a piece of JavaScript has on the website in order to ensure that key security properties are not violated. To handle dynamically loaded and generated JavaScript, we propose a framework for staging information flow properties. Our framework propagates information flow through the currently known code in order to compute residual checks for code that is not yet available. When the remaining code becomes available, we perform the residual checks and recursively invoke the staging framework on parts of the code that are still unknown. The benefit of this method is that it performs as much of the computation as possible statically, leaving only minimal residual checks to be performed at run time.
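
As an added illustration of the staging idea (not the paper's implementation; the statement IR, the variable names and the choice of source and sink are constructed here), the toy below propagates taint through the known code, stops at a hole standing for code that is not yet loaded, and emits a residual check that is run, and possibly re-staged, when that code arrives:

```javascript
// Toy staged taint analysis over a tiny IR. Statements are either
//   { op: 'assign', dst, srcs }  -- dst receives data from every variable in srcs
//   { op: 'hole', id }           -- code not yet available (a script fetched later)
// Policy: data from a source must never be written to a sink.
const SOURCES = new Set(['cookie']);    // assumed stand-in for document.cookie
const SINKS   = new Set(['location']);  // assumed stand-in for window.location
// Forward taint propagation through the known statements. Stops at the first
// hole and hands back everything the later stage needs: the taint state there,
// the hole id, and the statements after the hole that still await analysis.
function propagate(stmts, tainted) {
  const t = new Set(tainted);
  const leaks = [];
  for (let i = 0; i < stmts.length; i++) {
    const s = stmts[i];
    if (s.op === 'hole') return { tainted: t, leaks, hole: s.id, rest: stmts.slice(i + 1) };
    const bad = s.srcs.some(v => t.has(v));   // tainted iff any operand is tainted
    if (bad) t.add(s.dst); else t.delete(s.dst); // an untainted overwrite clears dst
    if (bad && SINKS.has(s.dst)) leaks.push(`${s.dst} <- ${s.srcs.join(',')}`);
  }
  return { tainted: t, leaks, hole: null, rest: [] };
}

// One stage: either a final verdict or a residual check to run when the hole fills.
function stage(stmts, tainted = SOURCES) {
  const r = propagate(stmts, tainted);
  if (r.leaks.length) return { verdict: 'violation', leaks: r.leaks };
  if (r.hole === null) return { verdict: 'safe' };
  return { verdict: 'residual', hole: r.hole, tainted: r.tainted, rest: r.rest };
}

// Next stage: the hole's code has arrived. Only the residual is re-analyzed, never
// the code before the hole; a nested hole simply produces a smaller residual.
function resume(residual, holeCode) {
  return stage([...holeCode, ...residual.rest], residual.tainted);
}

// Constructed page: read the cookie, then load an ad script, then use a variable
// the ad may have touched. The ad script is the hole.
const page = [
  { op: 'assign', dst: 'uid',    srcs: ['cookie'] },  // uid = document.cookie
  { op: 'assign', dst: 'title',  srcs: [] },          // title = "constant"
  { op: 'hole',   id: 'ad.js' },                      // <script src="ad.js"> not yet fetched
  { op: 'assign', dst: 'banner', srcs: ['title'] },
];
const residual = stage(page);                         // verdict 'residual', tainted {cookie, uid}
const benignAd = [{ op: 'assign', dst: 'msg', srcs: ['title'] }];
const leakyAd  = [{ op: 'assign', dst: 'location', srcs: ['uid'] }];
const nestedAd = [{ op: 'assign', dst: 'msg', srcs: ['title'] }, { op: 'hole', id: 'tracker.js' }];
```

Unlike the paper's framework, this toy defers the whole continuation after a hole instead of computing finer-grained residual constraints for it; the point it shows is that the code before the hole is never re-analyzed.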

We have implemented a prototype framework for staging information flow. We describe our techniques for handling some difficult features of JavaScript and evaluate our system's performance on a variety of large real-world websites. Our experiments show that static information flow is feasible and efficient for JavaScript, and that the residual checks are orders of magnitude faster than checking the entire code.

Proceedings of the 2009 Conference on Programming Language Design and Implementation (PLDI 2009)