April 2009
Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users' confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality.

BFlow allows untrusted JavaScript to compute with, render, and store confidential data, while preventing leaks of that data. BFlow tracks confidential data as it flows within the browser, between scripts on a page and between scripts and web servers. Using these observations and assistance from participating web servers, BFlow prevents scripts that have seen confidential data from leaking it, all without disrupting the JavaScript communication techniques used in complex web pages. To achieve these ends, BFlow augments browsers with a new "protection zone" abstraction.

We have implemented a BFlow browser reference monitor and server support. To evaluate BFlow's confidentiality protection and flexibility, we have built a BFlow-protected blog that supports Blogger's third party JavaScript extensions. BFlow is compatible with every legitimate Blogger extension that we have found, yet it prevents malicious extensions from leaking confidential data.
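To make the protection-zone idea concrete, here is an added toy model (not BFlow's own code) of a browser reference monitor: zones carry a label of the confidential tags their scripts have observed, zone-to-zone messages taint the receiver, and a send to a web server is allowed only when that server is trusted for every tag in the sender's label. The zone names, server hosts and the `private:alice` tag are constructed for the illustration; the real BFlow label and trust model is richer than this.

```python
"""Toy model of BFlow-style protection zones (constructed illustration)."""
from dataclasses import dataclass, field


@dataclass
class Zone:
    """A group of frames/scripts that share one confidentiality label."""
    name: str
    label: set = field(default_factory=set)  # tags of confidential data seen so far


class ReferenceMonitor:
    """Tracks zone labels and decides whether each outbound flow may proceed."""

    def __init__(self):
        self.zones = {}
        self.trusted = {}  # server host -> tags that server may receive
        self.log = []      # (source zone, destination host, decision)

    def add_zone(self, name):
        self.zones[name] = Zone(name)

    def add_server(self, host, tags):
        self.trusted[host] = set(tags)

    def observe(self, zone, tags):
        """A script in `zone` reads confidential data: its label only grows."""
        self.zones[zone].label |= set(tags)

    def send_to_zone(self, src, dst):
        """Zone-to-zone messaging stays possible, but it taints the receiver."""
        self.zones[dst].label |= self.zones[src].label
        return True

    def send_to_server(self, src, host):
        """Network send: allowed only if the server is trusted for every tag."""
        ok = self.zones[src].label <= self.trusted.get(host, set())
        self.log.append((src, host, "allow" if ok else "block"))
        return ok


def blog_scenario():
    """Constructed scenario: a third-party extension reads a private post."""
    rm = ReferenceMonitor()
    rm.add_zone("extension")  # untrusted third-party JavaScript
    rm.add_zone("analytics")  # another script zone on the same page
    rm.add_server("blog.example", {"private:alice"})  # the owner's own server
    rm.add_server("attacker.example", set())          # trusted for nothing
    before = rm.send_to_server("extension", "attacker.example")  # no secrets yet
    rm.observe("extension", {"private:alice"})    # extension renders the post
    rm.send_to_zone("extension", "analytics")     # passes data to a helper zone
    return {"before_read": before,
            "to_owner": rm.send_to_server("extension", "blog.example"),
            "to_attacker": rm.send_to_server("extension", "attacker.example"),
            "indirect": rm.send_to_server("analytics", "attacker.example")}
```

The indirect case is the point of tracking flows between scripts: once the helper zone has received tainted data, its sends are constrained exactly like the extension's own.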