Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.
Original languageEnglish
Title of host publicationProceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)
PublisherIEEE
Number of pages5
Publication statusAccepted/In press - 2019
Event26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019) - Zhejiang University, Hangzhou, China
Duration: 24 Feb 201927 Feb 2019
Conference number: 26
https://saner2019.github.io

Conference

Conference26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)
Abbreviated titleSANER
CountryChina
CityHangzhou
Period24/02/1927/02/19
Internet address

    Research areas

  • JavaScript, Security, Information Flow Control, Programming Languages, Machine Learning

ID: 43882041