Securing Software in the Presence of Third-Party Modules
Licentiatavhandling, 2021

Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing condential information, tampering with sensitive data, and executing malicious code.
Trigger-Action Platforms (TAPs) are concrete examples of employing modular programming. Any user can develop TAP applications by connecting trigger and action services, and publish them on public repositories. In the presence of malicious application makers, users cannot trust applications written by third parties, which can threaten users’ and platform’s security.
We present SandTrap, a novel runtime monitor for JavaScript that can be used to securely integrate third-party applications. SandTrap enforces fine-grained access control policies at the levels of module, API, value, and context. We instantiate SandTrap to IFTTT, Zapier, and Node-RED, three popular JavaScript-driven TAPs, and illustrate how it enforces various policies on a set of benchmarks while incurring a tolerable runtime overhead. We also prove soundness and transparency of the monitoring framework on an essential model of Node-RED.
Furthermore, nontransitive policies have been recently introduced as a natural fit for coarse-grained information-flow control where labels are specified at the level of modules. The flow relation does not need to be transitive, resulting in nonstandard noninterference and enforcement mechanism. We develop a lattice encoding to prove that nontransitive policies can be reduced to classical transitive policies. We also devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies more permissively.

JavaScript Runtime Monitor

Third-Party Modules

Nontransitive Noninterference

Trigger-Action Platforms

Information-Flow Control

online - CSE EDIT 8103
Opponent: Deian Stefan, University of California, San Diego, USA


Seyed Mohammad Mehdi Ahmadpanah

Chalmers, Data- och informationsteknik, Informationssäkerhet

SandTrap: Securing JavaScript-driven Trigger-Action Platforms

Proceedings of the 30th USENIX Security Symposium,; (2021)

Paper i proceeding

Securing Node-RED Applications

Protocols, Logic, and Strands: Festschrift in honor of Joshua Guttman,; (2021)

Övrig text i vetenskaplig tidskrift

Nontransitive Policies Transpiled

6th IEEE European Symposium on Security and Privacy (EuroS&P'21),; (2021)

Paper i proceeding

WebSec: Säkerhet i webb-drivna system

Stiftelsen för Strategisk forskning (SSF) (RIT17-0011), 2018-03-01 -- 2023-02-28.


Datavetenskap (datalogi)



Chalmers tekniska högskola

online - CSE EDIT 8103


Opponent: Deian Stefan, University of California, San Diego, USA

Mer information

Senast uppdaterat