Securing Software in the Presence of Third-Party Modules

Bibliographic Details
Title: Securing Software in the Presence of Third-Party Modules
Authors: Ahmadpanah, Seyed Mohammad Mehdi, 1996
Source: WebSec: Säkerhet i webb-drivna system.
Subject Terms: JavaScript Runtime Monitor, Trigger-Action Platforms, Nontransitive Noninterference, Third-Party Modules, Information-Flow Control
Description: Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing confidential information, tampering with sensitive data, and executing malicious code. Trigger-Action Platforms (TAPs) are concrete examples of employing modular programming. Any user can develop TAP applications by connecting trigger and action services, and publish them on public repositories. In the presence of malicious application makers, users cannot trust applications written by third parties, which can threaten users’ and platform’s security. We present SandTrap, a novel runtime monitor for JavaScript that can be used to securely integrate third-party applications. SandTrap enforces fine-grained access control policies at the levels of module, API, value, and context. We instantiate SandTrap to IFTTT, Zapier, and Node-RED, three popular JavaScript-driven TAPs, and illustrate how it enforces various policies on a set of benchmarks while incurring a tolerable runtime overhead. We also prove soundness and transparency of the monitoring framework on an essential model of Node-RED. Furthermore, nontransitive policies have been recently introduced as a natural fit for coarse-grained information-flow control where labels are specified at the level of modules. The flow relation does not need to be transitive, resulting in nonstandard noninterference and enforcement mechanism. We develop a lattice encoding to prove that nontransitive policies can be reduced to classical transitive policies. We also devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies more permissively.
File Description: electronic
Access URL: https://research.chalmers.se/publication/525880
https://research.chalmers.se/publication/525880/file/525880_Fulltext.pdf
Database: SwePub
PubType: Dissertation/ Thesis
PubTypeId: dissertation
RecordInfo BibRecord:
  BibEntity:
    Languages:
      – Text: English
    Subjects:
      – SubjectFull: JavaScript Runtime Monitor
        Type: general
      – SubjectFull: Trigger-Action Platforms
        Type: general
      – SubjectFull: Nontransitive Noninterference
        Type: general
      – SubjectFull: Third-Party Modules
        Type: general
      – SubjectFull: Information-Flow Control
        Type: general
    Titles:
      – TitleFull: Securing Software in the Presence of Third-Party Modules
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Ahmadpanah, Seyed Mohammad Mehdi
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Type: published
              Y: 2021
          Identifiers:
            – Type: issn-locals
              Value: SWEPUB_FREE
            – Type: issn-locals
              Value: CTH_SWEPUB
          Titles:
            – TitleFull: WebSec: Säkerhet i webb-drivna system
              Type: main