An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications

The dynamic nature of JavaScript web applications has given rise to the possibility of privacy-violating information flows. The authors present an empirical study of the prevalence of such flows on a large number of popular websites. They have designed an expressive, fine-grained information flow policy language that allows one to specify and detect different kinds of privacy-violating flows in JavaScript code, implemented a new rewriting-based JavaScript information flow engine within the Chrome browser, and used the enhanced browser to conduct a large-scale empirical study over the Alexa global top 50,000 websites of four privacy-violating flows: cookie stealing, location hijacking, history sniffing, and behavior tracking.

Provided by: Association for Computing Machinery
Topic: Software
Date Added: Oct 2010
Format: PDF
