GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control

Angel Luis Scull Pupo; Jens Nicolay; Kyriakos Efthymiadis; Ann Nowe; Coen De Roover; Elisa Gonzalez Boix

doi:10.1109/SANER.2019.8667979

GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control

Angel Luis Scull Pupo, Jens Nicolay, Kyriakos Efthymiadis, Ann Nowe, Coen De Roover, Elisa Gonzalez Boix

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › Research

1 Citation (Scopus)

170 Downloads (Pure)

Abstract

Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.

Original language	English
Title of host publication	Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)
Editors	Emad Shihab, David Lo, Xinyu Wang
Publisher	IEEE
Pages	624-628
Number of pages	5
ISBN (Electronic)	9781728105918
ISBN (Print)	978-1-7281-0591-8
DOIs	https://doi.org/10.1109/SANER.2019.8667979
Publication status	Published - 15 Mar 2019
Event	26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019) - Zhejiang University, Hangzhou, China Duration: 24 Feb 2019 → 27 Feb 2019 Conference number: 26 https://saner2019.github.io

Publication series

Name	SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering

Conference

Conference	26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)
Abbreviated title	SANER
Country/Territory	China
City	Hangzhou
Period	24/02/19 → 27/02/19
Internet address	https://saner2019.github.io

Keywords

Information Flow Control
JavaScript Security
Machine Learning
Programming Languages

Access to Document

10.1109/SANER.2019.8667979

GuardiaMLSubmitted manuscript, 465 KB
CameraReadyFinal published version, 238 KBLicence: Unspecified

http://soft.vub.ac.be/Publications/2019/vub-soft-tr-19-04.pdf

Cite this

Scull Pupo, A. L., Nicolay, J., Efthymiadis, K., Nowe, A., De Roover, C., & Gonzalez Boix, E. (2019). GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. In E. Shihab, D. Lo, & X. Wang (Eds.), Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019) (pp. 624-628). [8667979] (SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering). IEEE. https://doi.org/10.1109/SANER.2019.8667979

Scull Pupo, Angel Luis ; Nicolay, Jens ; Efthymiadis, Kyriakos ; Nowe, Ann ; De Roover, Coen ; Gonzalez Boix, Elisa. / GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019). editor / Emad Shihab ; David Lo ; Xinyu Wang. IEEE, 2019. pp. 624-628 (SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering).

@inproceedings{631a22d0d42d41eb8afbba0e59334c82,

title = "GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control",

abstract = "Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component. ",

keywords = "Information Flow Control, JavaScript Security, Machine Learning, Programming Languages",

author = "{Scull Pupo}, {Angel Luis} and Jens Nicolay and Kyriakos Efthymiadis and Ann Nowe and {De Roover}, Coen and {Gonzalez Boix}, Elisa",

year = "2019",

month = mar,

day = "15",

doi = "10.1109/SANER.2019.8667979",

language = "English",

isbn = "978-1-7281-0591-8",

series = "SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering",

publisher = "IEEE",

pages = "624--628",

editor = "Emad Shihab and David Lo and Xinyu Wang",

booktitle = "Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)",

note = "26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), SANER ; Conference date: 24-02-2019 Through 27-02-2019",

url = "https://saner2019.github.io",

}

Scull Pupo, AL , Nicolay, J, Efthymiadis, K, Nowe, A , De Roover, C & Gonzalez Boix, E 2019, GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. in E Shihab, D Lo & X Wang (eds), Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)., 8667979, SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering, IEEE, pp. 624-628, 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), Hangzhou, China, 24/02/19. https://doi.org/10.1109/SANER.2019.8667979

GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. / Scull Pupo, Angel Luis ; Nicolay, Jens; Efthymiadis, Kyriakos; Nowe, Ann ; De Roover, Coen ; Gonzalez Boix, Elisa.

Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019). ed. / Emad Shihab; David Lo; Xinyu Wang. IEEE, 2019. p. 624-628 8667979 (SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › Research

TY - GEN

T1 - GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control

AU - Scull Pupo, Angel Luis

AU - Nicolay, Jens

AU - Efthymiadis, Kyriakos

AU - Nowe, Ann

AU - De Roover, Coen

AU - Gonzalez Boix, Elisa

N1 - Conference code: 26

PY - 2019/3/15

Y1 - 2019/3/15

N2 - Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.

AB - Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.

KW - Information Flow Control

KW - JavaScript Security

KW - Machine Learning

KW - Programming Languages

UR - http://www.scopus.com/inward/record.url?scp=85064180782&partnerID=8YFLogxK

U2 - 10.1109/SANER.2019.8667979

DO - 10.1109/SANER.2019.8667979

M3 - Conference paper

SN - 978-1-7281-0591-8

T3 - SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering

SP - 624

EP - 628

BT - Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)

A2 - Shihab, Emad

A2 - Lo, David

A2 - Wang, Xinyu

PB - IEEE

T2 - 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)

Y2 - 24 February 2019 through 27 February 2019

ER -

Scull Pupo AL , Nicolay J, Efthymiadis K, Nowe A , De Roover C , Gonzalez Boix E. GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. In Shihab E, Lo D, Wang X, editors, Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019). IEEE. 2019. p. 624-628. 8667979. (SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering). https://doi.org/10.1109/SANER.2019.8667979

GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

BRGIMP4: SECLOUD - Innoviris BRIDGE 2014