Tracking Information Flow in Dynamic Tree Structures
Paper i proceeding, 2009
This paper explores the problem of tracking information flow in dynamic
tree structures. Motivated by the problem of manipulating the Document
Object Model (DOM) trees by browser-run client-side scripts, we address the dynamic
nature of interactions via tree structures.We present a runtime enforcement
mechanism that monitors this interaction and prevents a range of attacks, some
of them missed by previous approaches, that exploit the tree structure in order to
transfer sensitive information. We formalize our approach for a simple language
with DOM-like tree operations and show that the monitor prevents scripts from
disclosing secrets.
Författare
Alejandro Russo
Chalmers, Data- och informationsteknik, Datavetenskap
Andrei Sabelfeld
Chalmers, Data- och informationsteknik, Datavetenskap
Andrey Chudnov
Stevens Institute of Technology
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 5789 LNCS 86-1033642044433 (ISBN)
Ämneskategorier
Datavetenskap (datalogi)
DOI
10.1007/978-3-642-04444-1_6
ISBN
3642044433