IFC Inside: Retrofitting Languages with Dynamic Information Flow Control (Extended Version)
Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo

TL;DR
This paper introduces a flexible, language-agnostic approach to dynamic information flow control (IFC) that can be retrofitted into existing languages like JavaScript and C without modifying their core semantics, enhancing security.
Contribution
It provides a formal foundation for coarse-grained dynamic IFC applicable to any language with controllable effects, and demonstrates its application to JavaScript, C, and Haskell LIO.
Findings
Formalism generalizes to multiple languages
Connects IFC to existing systems like Haskell LIO
Provides design principles for secure language-based IFC
Abstract
Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient implementation of information flow control (IFC). Unfortunately existing fine-grained approaches to JavaScript IFC require modifications to the language semantics and its engine, a non-goal for browser applications. In this work, we take the ideas of coarse-grained dynamic IFC and provide the theoretical foundation for a language-based approach that can be applied to any programming language for which external effects can be controlled. We then apply this formalism to server- and client-side JavaScript, show how it generalizes to the C programming language, and connect it to the Haskell LIO system. Our methodology offers design principles for the construction of…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
