Today's Web applications are collections of JavaScript written by multiple authors: developers often integrate code from third parties, and mashup applications need to integrate data and code hosted on different sites. However, current browsers lack a sufficient mechanism for confining untrusted third-party code, and therefore can guarantee neither users' privacy nor the integrity of applications. To address the security issues caused by third-party code, we study the characteristics and security needs of various types of Web applications and propose a JavaScript confinement system that introduces a label-based, fine-grained information flow control model. The model satisfies the principles of separation of duties and least privilege, and can efficiently prevent privacy disclosure and guarantee the integrity of the application. It introduces two information-flow labels of different granularity, the context label and the message label, and implements flexible and accurate flow control policies by tracking these dynamically changing labels. The context label, which is assigned to a browser component, represents the privilege of all data within that component; it can express not only secrecy and integrity but also precisely define the endorsement and declassification operations. The message label, which is assigned to a transferred message, indicates that the labeled message contains private information of the relevant component; the model uses message labels to track sensitive data and prevent privacy disclosure. In addition, we analyze and validate the security of the model by demonstrating non-interference, the key property of information flow control. Finally, we implement a fine-grained information flow control prototype system, JSFfox, and conduct functional and performance experiments. The results show that, with acceptable overhead, the prototype system can implement flexible and fine-grained information flow control policies and effectively protect users' privacy and applications' integrity.
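To make the abstract's concepts concrete, the following is an added, self-contained model of label-based information flow control between browser-side components. It is illustrative code written for this page, not JSFfox's implementation, and the label algebra it uses (a secrecy set and an integrity set of principals, with a subset-based "can flow" relation) is an assumption rather than the paper's exact definition. Components carry a context label that rises as they read data; each transferred message carries a message label; a reference monitor checks every transfer; and only the owner of a principal may declassify or endorse for it. The component names, principals and payloads are constructed sample values.

```javascript
// Added illustrative model (not JSFfox code). Assumed label algebra:
// secrecy = principals whose private data is included (may only grow along a flow),
// integrity = principals vouching for the data (may only shrink along a flow).
class Label {
  constructor(secrecy = [], integrity = []) {
    this.secrecy = new Set(secrecy);
    this.integrity = new Set(integrity);
  }
  // from ⊑ to: the receiver must keep all of the sender's secrecy and
  // must not claim more integrity than the data actually has.
  static canFlow(from, to) {
    const subset = (a, b) => [...a].every((x) => b.has(x));
    return subset(from.secrecy, to.secrecy) && subset(to.integrity, from.integrity);
  }
  // Least upper bound: reading data taints the reader with everything it saw.
  static join(a, b) {
    return new Label(
      [...a.secrecy, ...b.secrecy],
      [...a.integrity].filter((p) => b.integrity.has(p)),
    );
  }
}

class Component {
  constructor(name, owns, label) {
    this.name = name;
    this.owns = new Set(owns); // principals this component may declassify/endorse for
    this.label = label;        // context label: privilege of all data in the component
    this.inbox = [];
  }
  // Reading raises the context label (dynamic tracking of what the component has seen).
  read(message) {
    this.label = Label.join(this.label, message.label);
    return message.payload;
  }
  // Every outgoing message is labeled with the sender's current context label.
  emit(payload) {
    return { payload, label: new Label([...this.label.secrecy], [...this.label.integrity]) };
  }
  // Owner-only declassification: drop one's own principal from a message's secrecy set.
  declassify(message, principal) {
    if (!this.owns.has(principal)) throw new Error(`${this.name} may not declassify ${principal}`);
    const secrecy = [...message.label.secrecy].filter((p) => p !== principal);
    return { payload: message.payload, label: new Label(secrecy, [...message.label.integrity]) };
  }
  // Owner-only endorsement: add one's own principal to a message's integrity set.
  endorse(message, principal) {
    if (!this.owns.has(principal)) throw new Error(`${this.name} may not endorse ${principal}`);
    const integrity = [...message.label.integrity, principal];
    return { payload: message.payload, label: new Label([...message.label.secrecy], integrity) };
  }
}

// Reference monitor for message transfer: the message label must flow to the
// receiver's context label. Returns true when delivered, false when blocked.
function send(message, receiver) {
  if (!Label.canFlow(message.label, receiver.label)) return false;
  receiver.inbox.push(message);
  return true;
}

// Constructed scenario: a first-party page, a third-party widget it embedded,
// and a network sink standing in for the widget's origin (public: no secrecy).
function runScenario() {
  const APP = 'app.example';
  const AD = 'ads.example';
  const app = new Component('app', [APP], new Label([APP], [APP]));
  const widget = new Component('widget', [AD], new Label([], [AD]));
  const adServer = new Component('ads-origin', [AD], new Label([], []));

  // 1. Before touching any private data the widget may talk to its own origin.
  const baselineSent = send(widget.emit({ ping: 1 }), adServer);

  // 2. The widget reads private form data from the app's context; its label rises.
  const formData = app.emit({ email: 'user@example.test' }); // secrecy {APP}
  widget.read(formData);

  // 3. Any message the widget now emits carries secrecy {APP}; the public sink
  //    has no secrecy, so the transfer is blocked by the monitor.
  const leakBlocked = !send(widget.emit({ copy: 'user@example.test' }), adServer);

  // 4. The app, as owner of APP, declassifies an aggregate it is willing to publish.
  const released = app.declassify(app.emit({ visitors: 1042 }), APP);
  const declassifiedSent = send(released, adServer);

  // 5. Untrusted widget output cannot enter the app's high-integrity context
  //    until the app itself endorses it (e.g. after validation).
  const raw = widget.emit({ theme: 'dark' });
  const untrustedBlocked = !send(raw, app);
  const endorsedAccepted = send(app.endorse(raw, APP), app);

  // 6. The widget cannot forge an endorsement for a principal it does not own.
  let forgedEndorsementRejected = false;
  try { widget.endorse(raw, APP); } catch { forgedEndorsementRejected = true; }

  return { baselineSent, leakBlocked, declassifiedSent, untrustedBlocked, endorsedAccepted, forgedEndorsementRejected };
}
```

The scenario shows the two label granularities working together: the widget's context label records that it has seen the app's private data, every message it subsequently emits inherits that label, and the monitor blocks the transfer to a public sink without needing to know what the payload is. The integrity half runs in the opposite direction, so untrusted widget output only reaches the app after an explicit endorsement by the app itself, which is where the separation-of-duties property comes from.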