Nathan Harper
CoRE 734
Vassar College
Faculty Advisor:
Vinod Ganapathy, Rutgers University
Analyzing information flow in JavaScript-based browser extensions

Project Description

JavaScript-based browser extensions are easy-to-write JavaScript programs that enhance the look and feel of the browser they are installed on. Unlike applets, which run within the browser but are self-contained, JavaScript applications are given privileged access to the browser's information flow. It is easy to create applications that maliciously take advantage of these privileges, or benign applications that have vulnerabilities exploitable by malicious websites. Security Architecture for Browser Extensions, also known as Sabre, is a program that monitors information flow in JavaScript applications and flags flows that have the potential to compromise the browser's security. Sabre cannot determine whether a potentially compromising flow is necessary for an application to work or purely malignant, so vital flows in benign programs must be manually whitelisted by the user. My goal for this project is to write code that isolates the JavaScript objects that need to be whitelisted, making the process easier and cleaner for the user. To do this I will implement the technique of dynamic data slicing.
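
To illustrate dynamic data slicing as it applies to a flagged flow, the following added example (not Sabre's code or the project's own) computes a backward data slice over a recorded execution trace. The trace format (`step`, `def`, `uses`), the variable names, and the function `dynamicDataSlice` are assumptions made for this sketch.

```javascript
// Constructed execution trace of a hypothetical extension. Each entry records
// the variable a step defined (def) and the values it read (uses).
const trace = [
  { step: 1, def: "cookie", uses: ["document.cookie"] }, // sensitive read
  { step: 2, def: "title",  uses: ["document.title"] },
  { step: 3, def: "msg",    uses: ["title"] },
  { step: 4, def: "msg",    uses: ["cookie"] },           // overwrites step 3
  { step: 5, def: "count",  uses: ["count"] },            // unrelated counter
  { step: 6, def: "body",   uses: ["msg"] },
  { step: 7, def: null,     uses: ["body"] },             // flagged sink: network send
];

// Backward dynamic data slice: starting from the values read at the flagged
// sink, walk the trace in reverse and keep only the steps whose definition
// actually reached the sink in this run. Control dependencies are ignored.
function dynamicDataSlice(trace, sinkStep) {
  const sinkPos = trace.findIndex((e) => e.step === sinkStep);
  if (sinkPos < 0) throw new Error("sink step not found in trace");

  const live = new Set(trace[sinkPos].uses); // values still needing a definition
  const steps = [sinkStep];

  for (let i = sinkPos - 1; i >= 0; i--) {
    const e = trace[i];
    if (e.def !== null && live.has(e.def)) {
      live.delete(e.def);                    // this step is the reaching definition
      e.uses.forEach((u) => live.add(u));    // now its inputs must be explained
      steps.push(e.step);
    }
  }
  // Values never defined inside the trace are the origins of the flow: the
  // objects a user would review when deciding whether to whitelist it.
  return { steps: steps.reverse(), origins: [...live].sort() };
}

const slice = dynamicDataSlice(trace, 7);
console.log("steps in slice:", slice.steps.join(", "));
console.log("objects to review:", slice.origins.join(", "));
```

Step 3 is excluded because its definition of `msg` was overwritten before the sink ran, which is the difference between a dynamic slice and a static one: only the objects that actually fed the flagged flow in this execution are presented for review.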